Re: To track or not to track
Yes I use the same CVS tags for the ports and user, and src. -Derek At 11:15 PM 3/9/2006, Chris Maness wrote: I just wanted to get pros and cons for tracking the whole port tree on a production server. Any opinions? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Derek Ragona wrote: Chris, I will use a CVS tag to update a release for any officially reported security issues. You can look up the right tags here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html However, with production boxes, I have either non-production boxes I update first to test the release, or secondary production boxes I update first. I only update these systems if the security issue will effect the use. For instance, if it is an issue with ipfw, but I am not using that on a box, I don't bother to update it. Hope this helps, -Derek Are you using these tags for the ports or the base system + userland? I love the way that I can track the security/bug fixes by tracking a branch of the code for the src directory. It would be nice if ports forked too. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: To track or not to track
I just wanted to get pros and cons for tracking the whole port tree on a production server. Any opinions? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Derek Ragona wrote: Chris, I will use a CVS tag to update a release for any officially reported security issues. You can look up the right tags here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html However, with production boxes, I have either non-production boxes I update first to test the release, or secondary production boxes I update first. I only update these systems if the security issue will effect the use. For instance, if it is an issue with ipfw, but I am not using that on a box, I don't bother to update it. Hope this helps, -Derek Are you using these tags for the ports or the base system + userland? I love the way that I can track the security/bug fixes by tracking a branch of the code for the src directory. It would be nice if ports forked too. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: To track or not to track
Chris Maness wrote: I just wanted to get pros and cons for tracking the whole port tree on a production server. Any opinions? If by track you mean regularly download, compile and install all available updates, the big con is that you can sometimes break your box. More frequently you won't break anything but may need to spend considerable time babysitting the process, often needlessly since many updates are for features you'll never use. Tracking updates aggressively is a job for a dedicated build/test server that makes packages and dishes them out on demand, as needed (via NFS, rsync or your favorite sync method) first to other test servers and then to production servers.This way production boxes only get tested updates, on your schedule, for your reasons. You can best follow the not broke, don't fix credo by regularly doing cvsup (in case an upgrade is suddenly required), but only doing updates on production servers when: * there is an official FreeBSD security alert * portaudit throws a fit based on one or more of your installed port versions * some business requirement of yours creates a definitive need to have the latest version of something -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) gregb at scls.lib.wi.us, (608) 266-6348 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: To track or not to track
I just wanted to get pros and cons for tracking the whole port tree on a production server. Any opinions? Tracking it isn't going to take a lot of space. Although if it's a serious production server (as opposed to my home production server :-) I don't know if I'd install ports on it before I'd done it somewhere else first. For me... I've found having a jail 'sandbox' setup is a great way to install ports, test, make packages, then install those packages on my production box. -philip ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]