Same version on binary packages and updated ports

RW rwmaillists at googlemail.com
Fri Dec 30 14:55:35 UTC 2011


On Fri, 30 Dec 2011 14:31:17 +0100
Polytropon wrote:

> On Fri, 30 Dec 2011 13:14:35 +0000, RW wrote:

> > One strategy is to use csup to only update the port tree to release
> > tags and so use successive release packages as you update the base
> > system. You need to check portaudit for vulnerabilities.
> 
> For such tasks, csup provides a good basis for explicitly
> specifying a RELEASE or security patch level. This can be
> applied to both the sources and the ports tree (of the
> corresponding date).

You would use the tag that was used for the tree on the disk. 

> > An alternative is to use stable packages. There are two problems
 
> In this case, I would also suggest using the compiling
> approach. Binary packages don't give you the flexibility
> to follow -STABLE or -RELEASE-p<level> that closely in
> time.

If you are going to compile you might as well use a release security
branch. I was describing how to avoid a specific pitfall with STABLE
packages.

There's no need to keep world and port versions closely matched; the
only time there is any connection between the two is when the ports
tree is tagged for building release packages. It's a matter of policy
that older packages will work with later worlds on the same stable
branch. The issue is that some ports may build different packages, with
identical package names, depending on whether they are built before or
after a new feature has been MFC'ed into STABLE.


More information about the freebsd-questions mailing list