Staying up to date with security patches

Michael mlmichael70 at
Mon Jul 12 19:31:09 UTC 2010

On 02/07/2010 22:58, Mike Clarke wrote:
> On Friday 02 July 2010, Ed Flecko wrote:
>> Since I will be doing a custom kernel at some point, I won't use
>> freebsd-update, I'm using cvsup instead.
> The alternative would be to just use the source code patches from the
> security-advisories mailing list. That way you don't have to rebuild
> the whole base system each time, though some of the patches will
> require the kernel to be rebuilt.

That's what I used to do and it works. Only trouble is that in some 
cases it turns out that it's not enough to simply follow instructions 
from security advisory. You have to manually make other parts of the 
system otherwise updating will fail. I found it somewhat confusing and 
time consuming.

Now I'm using freebsd-update with my custom built kernel and it also 
works fine. I just have to remember to rebuild and reinstall my kernel 
every time after using freebsd-update (or in fact only when kernel code 
is affected). That way I got very quick and no-brainer system updates.
Is it not advised to do it this way?


More information about the freebsd-questions mailing list