Date: Wed, 12 Oct 2005 23:43:01 +0400 From: "Andrew P." <infofarmer@gmail.com> To: David Kirchner <dpk@dpk.net> Cc: freebsd-questions@freebsd.org, Cody Holland <cholland@redmoonbroadband.com> Subject: Re: Patch vs. Upgrade Message-ID: <cb5206420510121243w10326da7p6454f499a0050d1b@mail.gmail.com> In-Reply-To: <35c231bf0510121155h55f8fae8r93fb25a9f01ca3f4@mail.gmail.com> References: <4B3EE484EEA4F344BBB62F8316489986467895@corpsrv.RedMoon.local> <35c231bf0510121155h55f8fae8r93fb25a9f01ca3f4@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/12/05, David Kirchner <dpk@dpk.net> wrote: > On 10/12/05, Cody Holland <cholland@redmoonbroadband.com> wrote: > > Thanks for the response. I did a terrible job of asking the correct > > question to get the response I wanted. I do know to cvsup the source > > and build/make world. I currently have 4 FreeBSD servers in production > > serving various tasks. The question I should have been asking is: > > Is using the security patches provided by the FreeBSD maintainers as > > good as actually updating the whole server? What are the pros and cons > > of using the security patches vs. full source upgrade via cvsup? > > If you cvsup, you're going to get more than just security patches. > Basically, program functions could change in unexpected ways (unless > you read /usr/src/UPDATING and it contains everything changed). When > you do the specific security patch, you're reducing change, and thus > reducing the chance of something else going "wrong" for you. > > It's probably safest to just do the security patch. However, if you > ask questions about it on the mailing lists, your "uname -a" output > won't be a complete picture of what has been patched. If you use the > cvsup method, I believe your uname will show something like > '5.4-RELEASE-p7'. Of course, most mailing list replies will be to > upgrade to 6.0 or 7.0 but that's a side issue. :) > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" > That's just not true. Cvsupping to something like RELENG_5_4 will do exactly the same thing as a patch, only it's the hassle-free way. You see a sec-advisory, you type "cvsup -g -L 2 mysup" recompile what's suggested in the advisory, or the whole world - and you're done. On the contrary to your latter statement, if you start describing your problem with "I'm on FreeBSD-Current", you'll be advised to downgrade to Stable at least.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420510121243w10326da7p6454f499a0050d1b>