FreeBSD Patch question

Devon H. O'Dell dodell at sitetronics.com
Sat Sep 27 14:18:43 PDT 2003


V. Jones wrote:

>Thanks to everyone who responded - my question really had more to do with applying patches as they are presented in the various security advisories.  It sounds like most of you don't do it that way; it sounds like you track freebsd-stable using cvsup.  However, section 21.2.2.2 of the handbook seems to advise against doing this when all you want to do is apply security fixes:
>
>"While it is true that security fixes also go into the FreeBSD-STABLE branch, you do not need to track FreeBSD-STABLE to do this. Every security advisory for FreeBSD explains how to fix the problem for the releases it affects [1], and tracking an entire development branch just for security reasons is likely to bring in a lot of unwanted changes as well."
>
>My intention is to apply the patches as instructed in the advisories.  I'll resolve my issues with PGP so that I can validate the files first, then apply them one at a time.
>  
>
I do not track FreeBSD-STABLE (on my production boxes) and don't really 
advise people running production servers to run the -STABLE branch. 
FreeBSD-STABLE is another development branch; the stabilization branch, 
as it were. The handbook advises against it because it's a development 
branch and isn't meant for production servers. The most stable FreeBSD 
you can get is a -RELEASE snapshot. All security advisories are tracked 
for the -RELEASE snapshot. If you're tracking 4.8-RELEASE, you'd simply 
have RELENG_4_8 in your supfile. This is, as far as I've been able to 
tell in my past 5 years of experience with FreeBSD, the recommended way 
of doing things.

Then again, I don't blame you for wanting to validate every patch :)

--Devon


