Help understanding basic FreeBSD concepts (ports, updates, jails)

[Roger]

Hello all,

I'm coming from Linux and I would appreciate it if I could get some
help understanding some basic FreeBSD concepts.
Here is the output of 'uname -r' is "7.2-RELEASE-p4".

My first concerned is how do I keep FreeBSD up to date.
According to the FreeBSD site, the lastest production release is 7.2.
Is this the version that is recommended to have in a production
server?
According to what I have read from the Handbook and searches in
google, the way to stay up to date
binary wise is to use "freebsd-update", is this correct?
I believe freebsd-update will update the base system but not the
ports. Please correct me if I'm wrong.

My second concerned is the ports. In the file "ports-supfile" there is
one option, "*default release=cvs tag=.".
I believe this specifies which cvs tag to use when pulling files from
the ports. At one point I had "*default release=cvs
tag=RELEASE_7_2_0".
When I pulled the ports using the "RELEASE_7_2_0" tag and tried to
build "portsupgrade" the installation failed because the ruby version
that was going to be installed I believe had a security problem. (I
love the fact that I was stopped from installing software that is
KNOWN to be vulnerable).
I figured that maybe I needed to get the latest version. So I went
ahead and changed the cvs tag to "." (which I believe means the head
version).
I updated the ports and then tried the installation again, this time
the installation went further but failed again due to the fact that
my libtool (I can't remember the exact name) was older than what the
installation required. So that threw me off.
I believe that libtool is part of the base system and not the ports, correct?
 So that made me think that maybe because of using the latest version
of the ports I can build certain ports if my base is not
concurrent (in terms of what the ports requires and what my system
offers) with the port system.
So my question is this, if my FreeBSD release is 7.2-RELEASE-p4 which
tag should I set for the ports system?
Should I put the tag "RELEASE_7_2_0" and then wait for a security fix
of the particular port (ruby) and then proceed to install?
What is the recommended approach if your aim is to have your system up
to date and stable?
Another question that I have about the port system is, if LibX has a
security update (or simply a bug fix) and programs from the ports
programA, programB and programC depend on that library what is the
recommended way to perform the upgrade that will also handle upgrading
those programs?

My third item is jails. I currently have only one external IP. I would
like to setup two jails, one for apache and the other for postfix.
Would that require more external IPs? If I wanted to have ssh access
to the host and the jails that would definitely will require 3
external IPs right?

Thank you very much for your time and patience,

-r