1. Some SA's say that the a bug is corrected in a particular RELENG
or RELEASE or a patched RELEASE. For example FreeBSD-SA-08:05.openssh
states that >>RELENG_7_0, 7.0-RELEASE-p1<<. But where can I get a
-p1??? I've never seen iso-images for a x.y-RELEASE-pnn. Is this the
time where I need to build a release (as iso-image) by myself? If so,
what branch-tag do I need to get 7.0-RELEASE-p1?>

If you use c(v)sup or freebsd-update to track one of the security branches
(eg RELENG_7_0) then with each patch release you'll also get updates to
the version number as reported by the system.  (ie. you get a re-compiled
kernel with an updated version compiled into it).

If you track one of the security branches by applying the patches
distributed in the advisories, functionally you'll have the same effect --
the security holes will be patched, etc. -- but unless the flaw is in
the kernel code, you won't get a new kernel, hence no change to the
version number the system reports.

It's a toss-up. Either you do the minimal amount of work needed to secure and maintain your system, or you take a bit more time and
effort and you reboot a bit more frequently and you get a system that
also records what updates have been applied.  Which of those you choose
is entirely a matter of local policy.

There is extensive information in the handbook about all the different
mechanisms that exist for tracking any of the various development or
security branches.  There should also be snapshot iso-images generated
from development branches on a regular schedule, not that that helps
with your specific question:




Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to