From owner-freebsd-questions@FreeBSD.ORG Wed Aug 11 06:02:46 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5478E16A4CE for ; Wed, 11 Aug 2004 06:02:46 +0000 (GMT) Received: from grog.secure-computing.net (grog.secure-computing.net [63.228.14.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id D31DC43D3F for ; Wed, 11 Aug 2004 06:02:45 +0000 (GMT) (envelope-from ecrist@secure-computing.net) Received: from Nomad (nat-server.secure-computing.net [63.228.14.245]) (authenticated bits=0)i7B62LEC012882; Wed, 11 Aug 2004 01:02:22 -0500 (CDT) (envelope-from ecrist@secure-computing.net) From: "Eric Crist" To: "'Rail mail'" , Date: Wed, 11 Aug 2004 00:59:46 -0500 Message-ID: <037901c47f68$6cd60c30$6401a8c0@Nomad> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 In-Reply-To: Importance: Normal X-Virus-Scanned: clamd / ClamAV version 0.74, clamav-milter version 0.74a on grog.secure-computing.net X-Virus-Status: Clean Subject: RE: upgrade X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Aug 2004 06:02:46 -0000 > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Rail mail > Sent: Wednesday, August 11, 2004 12:28 AM > To: freebsd-questions@freebsd.org > Subject: upgrade > > > moved from slowlaris to freebsd for a web server. it is in a > production environment. > > will a binary upgrade catch all the security updates? should > I expect anything to break? (at least web server, ftp and ssh) > > besides time and effort, how does cvsup and build world > compare to binary upgrade? > > should I run the upgrade from sysinstall from disk, or throw > in a cd and use that sysinstall? > > the quick and dirty of the system is > running 5.1 on a dual xeon, hot swap scsi disks, tape drive > > thanks Congratulations on the move to FreeBSD. I think you will find it was a wise move! The difference between a binary upgrade and an upgrade via CVS or cvsup is the time between creation of the sources. Binary upgrades generally come out durning major releases, for example, from 4.9 to 4.10. Any security patches added between that time were only available with a CVS/cvsup upgrade, followed by a system rebuild. If you're looking for an install-time answer to your third question, I usually download a 'mini' .ISO and install via FTP, to catch the most recent version of the 4.x branch. Then I immediately follow with a cvsup and a make world, followed by a new kernel build. This ensures I have the best sources and most current security patches (that are stable). As to your last question, although I quoted 4.x branch sources/binaries, this all applies the same to the 5.x and beyond. Hope this was a help. Eric F Crist