From owner-freebsd-stable@FreeBSD.ORG Tue Apr 24 10:54:20 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C27DA106564A for ; Tue, 24 Apr 2012 10:54:20 +0000 (UTC) (envelope-from prabhpal@digital-infotech.net) Received: from mail.digital-infotech.net (mail.digital-infotech.net [41.211.25.193]) by mx1.freebsd.org (Postfix) with ESMTP id 2D5F58FC0C for ; Tue, 24 Apr 2012 10:54:20 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.digital-infotech.net (Postfix) with ESMTP id 0DE862E400C; Tue, 24 Apr 2012 11:02:57 +0000 (GMT) Received: from mail.digital-infotech.net ([127.0.0.1]) by localhost (mail.digital-infotech.net [127.0.0.1]) (maiad, port 10024) with ESMTP id 01568-10; Tue, 24 Apr 2012 11:02:56 +0000 (GMT) Received: from mail.digital-infotech.net (localhost [127.0.0.1]) by mail.digital-infotech.net (Postfix) with ESMTP id 8586D2E400A; Tue, 24 Apr 2012 11:02:56 +0000 (GMT) Received: from 41.211.25.193 (SquirrelMail authenticated user prabhpal@digital-infotech.net) by mail.digital-infotech.net with HTTP; Tue, 24 Apr 2012 11:02:56 -0000 Message-ID: In-Reply-To: References: <542d8a7ba1b614d2260f117a29e412cb.squirrel@mail.digital-infotech.net> Date: Tue, 24 Apr 2012 11:02:56 -0000 From: "Prabhpal S. Mavi" To: "Lars Wilke" User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-stable@freebsd.org Subject: Re: FreeBSD_9.0_Port_Upgrade - Exclude Ports X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: prabhpal@digital-infotech.net List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Apr 2012 10:54:20 -0000 > * Prabhpal S. Mavi wrote: >> Dear FreeBSD Friends, >> >> i have FreeBSD 9.0 Stable Running the following roles for past four >> months. Everything is functioning smooth alright. I read that system >> should be upgraded frequently. i am afraid that if i upgrade something >> can >> break. >> >> i am planing to run it like that until FreeBSD 9.2 is out, perhaps two >> years before upgrade. i am not sure if this is a good idea. i seek your >> advice about the upgrade. >> >> ROLE: Postfix Mail Server With Virtual Users Support Using MySQL >> Database, >> Apache Web Server, Certificate Authority (CA). Squirrelmail, Postfix >> Admin, Maia MailGuard Postfix-Admin, SPF, Postgray Filter, >> spamassassin, >> Clamav. >> [...] > > First you have to be aware that the stable tree in FBSD means something > completly different than a release in Red Hat/CentOS land. > > Here stable is the stable branch which gets updates, bugfixes and new > features. From this branch the next release is created. > > These updates and new features might not be as disruptive as > in the development branch but still things change. > So you might consider using a release branch instead, which only gets > security and critical bugfixes. > > Critical really means critical here and not every bugfix around. > In this regard a release branch is very stable :) > > So with stable you are really tracking a rolling release more like > Debian testing or say a rolling release repository like the fasttrack > repo in CentOS/Scientific Linux. > > While the release branch is more like staying on the same minor release > in Red Hat. But the minor release in Red Hat gets far more updates even > for not so serious bugs and sometimes even driver updates. > > The last part is AFAIU the reason that many people recomend the stable > branch in FBSD, b/c you get bugfixes and some driver updates faster or > even at all. > > If you would be on the release branch you would either have to switch > to stable or wait for the next release branch to get these updates and > fixes. > > As you are on stable i would suggest a test machine with the same > setup, or at least a virtual machine with the same setup. Maybe a jail > will do for you, else you could use something like virtualbox. > > Backups, always have backups and do some backups before doing something. > Under Linux there is a nifty tool called etckeeper, it basically hooks > into the package manager and tracks changes to /etc via version control. > No idea if something like this is available under FBSD but you could > roll your own ... > > If you use ZFS snapshots are easy and cheap, also there is basic Live > Upgrade/Boot Environment support. > > http://anonsvn.h3q.com/projects/freebsd-patches/wiki/manageBE > > If you use ZFS, i really suggest you look into this one, b/c it allows > you to switch your complete system around at will. Also, the updates > can be tested on an exact production copy without affecting the running > system. > > On the security side i would suggest some form of host basesd intrusion > detection and some common sense hardening. > > Generally monitoring (alarming+capacity/trending) for a live service is > a good idea, too. > > Accompanied by following the security advisories and using portaudit > should > be enough, i guess ... > > hth > --lars > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > Dear All, First, thank you very much for your valuable advice time and efforts you did put to write the response. how can i exclude some ports from being update when using port manager utility? i mean which switch can i use or edit the file for exclude. Thanks / Regards Thanks / Regards Prabhpal