Erik Trulsson wrote:
On Sat, Feb 10, 2007 at 02:06:37PM -0800, Michael wrote:
Hello everyone,

I'm building a production server and I have what may seem to be a very simple question so I hope it only requires a simple answer.

As I've studied the FreeBSD Handbook as well as the man pages for this, it's still not clear to me which tag I should use for a production server.

For my sources I always use the security branch for the release we are using so that they stay stable and also plug most of the security issues as they arise and so the sources tag is always RELENG_6_2.

For the ports, the default tag is always tag=. which I'm not sure is the best thing for a production server since that's the tab for -CURRENT. On one hand it makes sense to track that branch for ports because that's where fixes would go for applications as they find them, but I'm not convinced this is the best thing for a production server and wonder if I should also use the security branch for the ports.

My first question is, does any real security fixes go into the ports when you pull from a security branch? In other words, do maintainers actually submit fixes to that branch for the ports?

I have a similiar question for the docs as well, should we be tracking only the security branch when using cvsup for sources, ports and doc's?

Neither the ports tree nor the docs tree is branched.  I.e. there is no
security branch for ports. On the other hand you are not required to update installed ports/packages
just because you update the ports tree.


What do you mean they aren't branched? Of course they are or they wouldn't be in cvs and if I changed the tag, it wouldn't do anything (they wouldn't change on running cvsup), but they do change (ports get deleted/added/edited.), so I'm not following you here.

Can you elaborate on what you mean?

Thanks,

Michael Lawver
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to