Date: Sun, 7 Dec 2003 12:13:01 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Vahric MUHTARYAN <vahric@doruk.net.tr> Cc: freebsd-questions@freebsd.org Subject: Re: for understanding correctly -- Up-to-date - Upgread .. Message-ID: <20031207121301.GA7035@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <0c1c01c3bcb2$74576130$110d3ad4@VAHOXP> References: <0c1c01c3bcb2$74576130$110d3ad4@VAHOXP>
next in thread | previous in thread | raw e-mail | index | archive | help
--TB36FDmn/VVEgNH/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Dec 07, 2003 at 01:08:33PM +0200, Vahric MUHTARYAN wrote:
> 1) Now I'm using FreeBSD 5.1-RELEASE I don't know how offen new
> release announced but When I want to upgread to new release when it
> available Which way is true to that ; Binary Update Mechanism to move
> from release to release ( using freebsd-update-1.4 ports is correct or
> Do you know any ports ) or Using New release CD and using sysinstall
> program ...=20
New versions are released approximately every 4 months. 5.2-RELEASE
is due in the next few weeks. However, you should subscribe to
freebsd-announce@.. or freebsd-security@... so you catch any
announcements of new security patches.
=20
> 2) Using and installing programs with ports really easy and
> really easy to update ports with portupgrade because ports also have
> patches for vulnerabillity. But I'm watching the list some programs like
> ssh or sendmail are in base system and I have to track those programs
> bugs Does it enough to watching Security Advisories from www.freebsd.org
> and apply patches for up-to-date base system without sync. entire src.
> Tree ...=20
Yes -- security advisories will contain patches for the base system,
and very often it will be possible to apply the patches, recompile
just the affected part of the system and install the fixed binaries.
Sometimes however it won't, and you have to do a full kernel / world
build plus install and reboot.
Note that the patches in S.A.s always fix the problem, but don't
necessarily update version numbers and so forth, so your system may
still appear to be potentially vulnerable to those who know no better.
> 3) I know that not like linux FreeBSD is structured that the
> entire system is avaiable in source form . Does it means When I
> download or up-to-date the source via CVSup and use make world at this
> moment I have updated , patched and new binaries FreeBSD ?!! =20
FreeBSD (unlike Linux) makes a clear distinction between what is part
of the system, and what is externally contributed code -- ie. ports.
If you cvsup, recompile and re-install your system then, yes, you will
have upgraded to the latest FreeBSD version on whatever branch you
choose to track.
You will need to update ports and other third party stuff
independently of the base system.
=20
> 4) Some books thay said that " make world also not a guaranteed
> process . I want to ask When I have high-profile production server Does
> it true to use make world ?! Whats the way to protect/up-to-date
> high-profile production servers ?!!!=20
For a production server, you should be tracking 4.9-RELEASE. As it's
a -RELEASE branch it's been thoroughly tested and known to compile
correctly. The only updates you'll get on that branch are security
fixes, which are usually fairly small. For production servers, you
should consider using a separate build/test box, where you can break
things without unpleasant consequences. Once you've got things built
correctly and tested throughly, you can mount the /usr/src and
/usr/obj directories from the build box onto your production server,
and quickly reinstall ad reboot with minimum downtime.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--TB36FDmn/VVEgNH/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/0xlNdtESqEQa7a0RApeVAJ9j+/9Ew4vdF0SC8RzkKsbHt2oV/ACcCSdn
GoYadx2AubeBTaHxk9b2sgo=
=Fj8C
-----END PGP SIGNATURE-----
--TB36FDmn/VVEgNH/--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031207121301.GA7035>