I've installed 4.9-RELEASE from the .ISO image. I just want to be certain that I have all security patches now and in the future.
If I have "*default release=cvs tag=RELEASE_4_9" in my cvsup file, will I get all the updates I need to be secure?
No - you'll keep updating your source to 4.9-RELEASE which, while fun, isn't ultimately productive because that's the source you've already got. ;)
What you want is something like "tag=RELENG_4_9" which will keep you up-to-date with the latest security and critcal fixes for 4.9-RELEASE or "tag=RELENG_4" which is the -stable development branch and will include not just fixes but also new features and changes as the -stable branch works its way towards the next 4.x release.
Tags that you can put in your supfile are listed on http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html and don't forget to read the other sections of the manual about what it means to track one of the development branches.
How do I know when to build a new kernel? How will I know when there is a security patch for the kernel? If I cronjob cvsup and rebuild the kernel once a week, will I be up to date? How do I know if my running kernel is up-to-date?
No - because there might be updates to software outside of the kernel. For example if a security problem is found in sendmail (perish the thought!) or OpenSSH then recompiling your kernel is not going to get them updated.
If a security problem is fixed in the kernel then you need to re-compile and re-install the kernel. Otherwise you just need to re-compile the relevent part of the system. Or if you can't be sure what has been touched by a particular update, go for a full "make buildworld/installworld" combo as usual.
The other key thing here is the -security-notifications list http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications which will tell you when security problems have been found that effect your system. Then you know when to update your source and/or kernel and/or world.
Hope that clarifies things a bit!
Andrew
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
