too late to change to security branch?

Kevin Kinsey kdk at
Thu Oct 4 13:34:32 PDT 2007

Bill Stwalley wrote:
> On 9/30/07, Rakhesh Sasidharan <rakhesh at> wrote:
>> Hi Bill!
>>> I have servers running 6.1 and 6.2.  I use freebsd-update in cron jobs
>> to
>>> install binary security update to the base system, and use
>> cvsup/portupgrade
>>> in cron jobs to install port updates.  By default, cvsup uses CURRENT
>>> branch.
>> The ports system doesn't have any branches. The same tree is used between
>> all the different FreeBSD branches so you can't just track security
>> updates only. You track it using portupgrade/ cvsup.
>> The base system has many branches. In your case, you seem to be following
>> the security branches for 6.1 and 6.2 using freebsd-update.
>>> I am tired of some updates breaking something unnecessarily, and am
>> thinking
>>> of changing to SECURITY branch in cvsup.  Is that possible?  Some of my
>>> ports are already locally compiled with customized options.
>> Maybe you can provide more info on what's breaking?
>> I use FreeBSD for a couple of headless machines. No X and other stuff, but
>> I haven't had any breakages so far. *touchwood* Do go though the UPDATING
>> file to check out any gotchas before updating.
>> HTH,
>>                                 - Rakhesh
> I'm grateful to all your clarifications, as I feel this operation system is
> really supported with care.
> Our uw-imap was broken recently for a few days as people could not login, so
> I had to switch to dovecot.  Nothing was mentioned in the UPDATING file,
> although there was indeed a big update of uw-imap.  I only got relieved
> after finding
> a couple days later.
> Things similar to this, although to less extent, did happen once a couple
> months, sometimes the "postfix" and other startup scripts in
> /usr/local/etc/rc.d/ will be renamed to "" or vice verser by port
> upgrade, that broke my other scripts.
> As everyone appears to suggest against updating ports in cron job and
> suggest reading UPDATING instead and then updating by hand, I'm really
> curious: Is it practical to do that when you manage a dozen servers?  I
> imagine doing that alone would be a substantial job.  However crontab
> updated ports do take down services from time to time.
> Best, Bill

In the Handbook, Chapter 23.5, is one plan:


Kevin Kinsey
APL is a natural extension of assembler language programming;
...and is best for educational purposes.
		-- A. Perlis

More information about the freebsd-questions mailing list