From owner-freebsd-stable Sat Dec 28 8:45:25 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id AF2F937B401
    for ; Sat, 28 Dec 2002 08:45:23 -0800 (PST)
Received: from tesla.distributel.net (nat.MTL.distributel.NET [66.38.181.24])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 139F343EC5
    for ; Sat, 28 Dec 2002 08:45:23 -0800 (PST)
    (envelope-from bmilekic@unixdaemons.com)
Received: (from bmilekic@localhost)
    by tesla.distributel.net (8.11.6/8.11.6) id gBSGmhw14088;
    Sat, 28 Dec 2002 11:48:43 -0500 (EST)
    (envelope-from bmilekic@unixdaemons.com)
Date: Sat, 28 Dec 2002 11:48:43 -0500
From: Bosko Milekic
To: Murat Bicer
Cc: freebsd-stable@freebsd.org
Subject: Re: Security updates on freebsd stable
Message-ID: <20021228114843.A14054@unixdaemons.com>
References: <3E0DCE12.5020707@tundraware.com> <20021228162832.3F26C17C92@www.fastmail.fm>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20021228162832.3F26C17C92@www.fastmail.fm>; from murat+freebsd@bicer.org on Sat, Dec 28, 2002 at 11:28:32AM -0500
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Sat, Dec 28, 2002 at 11:28:32AM -0500, Murat Bicer wrote:
> Once I choose to use a stable version of freebsd, What are the ways to
> apply a security patch to all these servers?
>
> I need to automate this for 10000 servers.
>
> All feedback appreciated.
>
> Murat

You can do several things, depending on your needs. If these are
production servers then I would not recommend just blindly having them
cvsup RELENG_4 and rebuilding themselves every couple of weeks.
Instead, you may want to have one machine store and NFS export the source.
Then, you can occasionally cvsup fresh RELENG_4 to that one machine and
have the others mount the exported NFS partition and build using the
same sources, once you know the bits you have are stable. Otherwise,
you could just keep a version of the RELENG_4 sources on that one
machine that you know are stable and occasionally apply your security
patches to that one machine which would again export the sources via
NFS. You could then build using the NFS mounted sources with a local
object target on each server, as needed.

This is how I do it here and it works pretty well.

-- 
Bosko Milekic * bmilekic@unixdaemons.com * bmilekic@FreeBSD.org
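
One way to script the client side of the setup described in the message above, as an added example that is not part of the original post: each server builds from the read-only NFS sources only after the source machine has marked the tree as vetted. The `.approved` stamp file, the `/var/db/last-built-src` state file and the network numbers are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Assumes /usr/src is already
# NFS-mounted read-only from the source machine, e.g. via an /etc/fstab line:
#   srchost:/usr/src  /usr/src  nfs  ro  0  0        (srchost is a placeholder)
SRC_DIR="${SRC_DIR:-/usr/src}"              # NFS-mounted source tree
STAMP="${STAMP:-.approved}"                 # hypothetical stamp written on the source machine
STATE="${STATE:-/var/db/last-built-src}"    # hypothetical local record of the last build
export MAKEOBJDIRPREFIX=/usr/obj            # objects stay on each server's local disk

# Line for /etc/exports on the source machine: read-only, one network only,
# so a compromised client cannot alter the tree every other server builds from.
exports_line() {   # usage: exports_line NETWORK NETMASK
    printf '%s -ro -network %s -mask %s\n' "$SRC_DIR" "$1" "$2"
}

# Succeeds only when an approval stamp exists and differs from the last build.
needs_rebuild() {
    [ -s "$SRC_DIR/$STAMP" ] || return 1    # tree not vetted: never build
    [ -f "$STATE" ] || return 0             # vetted, never built on this host
    ! cmp -s "$SRC_DIR/$STAMP" "$STATE"     # build only if the stamp changed
}

# Run a command inside the source tree, or only print it unless APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        ( cd "$SRC_DIR" && "$@" )
    else
        echo "+ $*"
    fi
}

update_client() {
    if ! needs_rebuild; then
        echo "no newly approved sources; nothing to do"
        return 0
    fi
    run make buildworld && run make buildkernel &&
    run make installkernel && run make installworld &&
    run cp "$SRC_DIR/$STAMP" "$STATE"       # record what this host now runs
}
```

Calling `update_client` with `APPLY` unset prints the plan without touching the system; on the source machine the stamp would be rewritten (for example with the cvsup date or patch name) each time a tree has been tested.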