Excellent and detailed information. I read the handbook and Complete
FreeBSD but couldn't grasp the relationship between CURRENT, STABLE,
and RELEASE and the cvsup tags definitively. This is important when
buying new hardware running ahead of RELEASE changes (e.g. the
Broadcom 5704). Last time (a then leading edge server with a U320
Adaptec controller), I manually updated the driver source just to get
it to production and made my source out of sync and then feared
cvsuping further. I think you've given me, in a nutshell, how to do
this more responsibly. Let me take a shot at it for posterity.

RELENG = The official release versions; as well tested as things come.
Only get security patches.

CURRENT = The very bleeding edge. Updated often. Not recommended for
any critical machine.

STABLE = Changes that have run well in CURRENT, fix problems or improve
performance etc, and are things which will form part of the next
RELEASE. Bugs and other issues much less likely than CURRENT.

So developed software generally goes from CURRENT (when tested) ->
STABLE -> next RELENG.

But, not all software in CURRENT automatically goes to STABLE. CURRENT
(right now) is what will be RELENG_7_0, and not all changes there will
be suitable for 6.

1. Take the machine to STABLE via RELENG_6, if it tests reliably, go
production and freeze
2. security patch through the .asc file patches until RELEASE 6.2
3. cvsup to RELEASE 6.2 aka RELENG_6_2 (when available and if needed
hardware changes were indeed incorporated)
4. given no hardware additions, continue to cvsup on RELENG_6_2_0 for
Security Patches for server life-cycle

This should work fine. In step 4, you can consider upgrading from
RELENG_6_2 to RELENG_6_3 etc etc, obviously testing. The more critical
a machine, however, the less likely you are to want to do that. If you
have any kind of farm, then keeping identical hardware and using one
machine as a test bed for any upgrades is also a possible scenario. The
farm can be as small as two machines - one a backup for the other, but
also usable for testing upgrades.

I think it would be technically possible (if unlikely), that a security
patch for STABLE might not apply cleanly if you are not running the
latest STABLE. In such a case, you might again have to bite the bullet
and update to the latest STABLE and test again. This is only likely to
happen if the bug is some kind of kernel internal, and even then only if
some other code for it in STABLE has changed since you did your
upgrade. As I say, I think this would be unlikely.

Depending on what the machine in question actually does, how it is
firewalled etc, it might be that you don't even bother to apply a
security patch. (No doubt some will shout when I say that), but you
have to analyse what risk the security hole actually poses to *your
machine*. You could always seek advice here if such an issue arises,

I think a light is clicking on.

Thanks VERY much,