Date: Wed, 12 Oct 2005 11:55:34 -0700 From: David Kirchner <dpk@dpk.net> To: Cody Holland <cholland@redmoonbroadband.com> Cc: freebsd-questions@freebsd.org Subject: Re: Patch vs. Upgrade Message-ID: <35c231bf0510121155h55f8fae8r93fb25a9f01ca3f4@mail.gmail.com> In-Reply-To: <4B3EE484EEA4F344BBB62F8316489986467895@corpsrv.RedMoon.local> References: <4B3EE484EEA4F344BBB62F8316489986467895@corpsrv.RedMoon.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/12/05, Cody Holland <cholland@redmoonbroadband.com> wrote: > Thanks for the response. I did a terrible job of asking the correct > question to get the response I wanted. I do know to cvsup the source > and build/make world. I currently have 4 FreeBSD servers in production > serving various tasks. The question I should have been asking is: > Is using the security patches provided by the FreeBSD maintainers as > good as actually updating the whole server? What are the pros and cons > of using the security patches vs. full source upgrade via cvsup? If you cvsup, you're going to get more than just security patches. Basically, program functions could change in unexpected ways (unless you read /usr/src/UPDATING and it contains everything changed). When you do the specific security patch, you're reducing change, and thus reducing the chance of something else going "wrong" for you. It's probably safest to just do the security patch. However, if you ask questions about it on the mailing lists, your "uname -a" output won't be a complete picture of what has been patched. If you use the cvsup method, I believe your uname will show something like '5.4-RELEASE-p7'. Of course, most mailing list replies will be to upgrade to 6.0 or 7.0 but that's a side issue. :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35c231bf0510121155h55f8fae8r93fb25a9f01ca3f4>