Date: Wed, 16 May 2001 23:10:05 +0200 From: Erik Trulsson <ertr1013@student.uu.se> To: stable@FreeBSD.ORG Subject: Re: Old compiler (3.3-stable -> 4->stable) Message-ID: <20010516231005.A69667@student.uu.se> In-Reply-To: <20010516232828.A411@iv.nn.kiev.ua>; from netch@iv.nn.kiev.ua on Wed, May 16, 2001 at 11:28:28PM %2B0300 References: <20010516004223.A800@iv.nn.kiev.ua> <Pine.BSF.4.33.0105161132110.14552-100000@srv2.any> <20010516232828.A411@iv.nn.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 16, 2001 at 11:28:28PM +0300, Valentin Nechayev wrote: > Wed, May 16, 2001 at 11:41:59, avn (Alexey V. Neyman) wrote about "Re: Old compiler (3.3-stable -> 4->stable)": > > > >It is better now to do binary upgrade from 3.x to 4.3, if your Internet > > >connection allows to download `bin' package (~50M). (But for mergemaster > > >you must untar or cvsup full sources.) Upgrade via `make world' will > > >fail in too many places, such as perl, gperf & groff, kernel... > > I found the following sequence to be rather fail-safe: > > 3.5.1-R -> 4.2-R -> 4.3-S, I tested it a few times and it have not failed > > me. > > Of course, but is upgrade from source such important to you, preferrable > than having secure system? 4.2-R is insecure, and you must use one additional > make_world step which makes your system containing well-known holes > for a few hours. I don't discuss here possibility of such way, but say > that binary upgrade is better now. You could of course just disconnect the machine during the make world. Then any security holes shouldn't matter. For a slightly less drastic option you could just avoid running any network daemons during the intermediate steps. If nothing listens for a connection it should be fairly safe. > > One can also compare this with the way needed to upgrade via make > world chain from 2.2 to 4.3: one of the steps is 3.0, which is both > insecure and unstable. I don't know any server in my epsilon environ > which was upgraded from 2.2 in such way. Only binary upgrades. > Personally I have never done any binary upgrades on my systems but only source upgrades. I don't really trust a binary upgrade to DTRT. But that is me and if it works for you, fine. -- <Insert your favourite quote here.> Erik Trulsson ertr1013@student.uu.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010516231005.A69667>