too late to change to security branch?

Kevin Kinsey kdk at daleco.biz
Thu Oct 4 13:34:32 PDT 2007 

Bill Stwalley wrote:
> On 9/30/07, Rakhesh Sasidharan <rakhesh at rakhesh.com> wrote:
>>
>> Hi Bill!
>>
>>> I have servers running 6.1 and 6.2.  I use freebsd-update in cron jobs
>> to
>>> install binary security update to the base system, and use
>> cvsup/portupgrade
>>> in cron jobs to install port updates.  By default, cvsup uses CURRENT
>>> branch.
>> The ports system doesn't have any branches. The same tree is used between
>> all the different FreeBSD branches so you can't just track security
>> updates only. You track it using portupgrade/ cvsup.
>>
>> The base system has many branches. In your case, you seem to be following
>> the security branches for 6.1 and 6.2 using freebsd-update.
>>
>>> I am tired of some updates breaking something unnecessarily, and am
>> thinking
>>> of changing to SECURITY branch in cvsup.  Is that possible?  Some of my
>>> ports are already locally compiled with customized options.
>> Maybe you can provide more info on what's breaking?
>>
>> I use FreeBSD for a couple of headless machines. No X and other stuff, but
>> I haven't had any breakages so far. *touchwood* Do go though the UPDATING
>> file to check out any gotchas before updating.
>>
>> HTH,
>>
>>
>>                                 - Rakhesh
>>                                  http://rakhesh.net/
>>
> 
> I'm grateful to all your clarifications, as I feel this operation system is
> really supported with care.
> 
> Our uw-imap was broken recently for a few days as people could not login, so
> I had to switch to dovecot.  Nothing was mentioned in the UPDATING file,
> although there was indeed a big update of uw-imap.  I only got relieved
> after finding
> http://lists.freebsd.org/pipermail/freebsd-ports/2007-October/044051.htmlposted
> a couple days later.
> 
> Things similar to this, although to less extent, did happen once a couple
> months, sometimes the "postfix" and other startup scripts in
> /usr/local/etc/rc.d/ will be renamed to "postfix.sh" or vice verser by port
> upgrade, that broke my other scripts.
> 
> As everyone appears to suggest against updating ports in cron job and
> suggest reading UPDATING instead and then updating by hand, I'm really
> curious: Is it practical to do that when you manage a dozen servers?  I
> imagine doing that alone would be a substantial job.  However crontab
> updated ports do take down services from time to time.
> 
> Best, Bill

In the Handbook, Chapter 23.5, is one plan:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html

HTH,

Kevin Kinsey
-- 
APL is a natural extension of assembler language programming;
...and is best for educational purposes.
		-- A. Perlis

More information about the freebsd-questions mailing list