From owner-freebsd-questions@FreeBSD.ORG Wed Oct 12 19:02:53 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5566316A421 for ; Wed, 12 Oct 2005 19:02:53 +0000 (GMT) (envelope-from dpkirchner@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5527A43D60 for ; Wed, 12 Oct 2005 19:02:50 +0000 (GMT) (envelope-from dpkirchner@gmail.com) Received: by xproxy.gmail.com with SMTP id t13so121248wxc for ; Wed, 12 Oct 2005 12:02:49 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=USW8U+GUF+VzkXjGyQGY+N/1/jb53jMwMQrw37AxLsVvFUHh9ePZlkyxk42OXQPmp3BSSoUHPbDwiCD3iuGuwhLzQ4qKSaFU5TQvc4ohZYwQr2wFz4A3vxgb4AqYqdHBPtBhaG70XlCpDuBkcFtm6t71HK2TauNLHL5xOTuchQ0= Received: by 10.70.76.12 with SMTP id y12mr289991wxa; Wed, 12 Oct 2005 11:55:34 -0700 (PDT) Received: by 10.70.104.20 with HTTP; Wed, 12 Oct 2005 11:55:34 -0700 (PDT) Message-ID: <35c231bf0510121155h55f8fae8r93fb25a9f01ca3f4@mail.gmail.com> Date: Wed, 12 Oct 2005 11:55:34 -0700 From: David Kirchner Sender: dpkirchner@gmail.com To: Cody Holland In-Reply-To: <4B3EE484EEA4F344BBB62F8316489986467895@corpsrv.RedMoon.local> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <4B3EE484EEA4F344BBB62F8316489986467895@corpsrv.RedMoon.local> Cc: freebsd-questions@freebsd.org Subject: Re: Patch vs. Upgrade X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2005 19:02:53 -0000 On 10/12/05, Cody Holland wrote: > Thanks for the response. I did a terrible job of asking the correct > question to get the response I wanted. I do know to cvsup the source > and build/make world. I currently have 4 FreeBSD servers in production > serving various tasks. The question I should have been asking is: > Is using the security patches provided by the FreeBSD maintainers as > good as actually updating the whole server? What are the pros and cons > of using the security patches vs. full source upgrade via cvsup? If you cvsup, you're going to get more than just security patches. Basically, program functions could change in unexpected ways (unless you read /usr/src/UPDATING and it contains everything changed). When you do the specific security patch, you're reducing change, and thus reducing the chance of something else going "wrong" for you. It's probably safest to just do the security patch. However, if you ask questions about it on the mailing lists, your "uname -a" output won't be a complete picture of what has been patched. If you use the cvsup method, I believe your uname will show something like '5.4-RELEASE-p7'. Of course, most mailing list replies will be to upgrade to 6.0 or 7.0 but that's a side issue. :)