From owner-freebsd-questions@FreeBSD.ORG Wed Oct 12 19:43:04 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0D3816A41F for ; Wed, 12 Oct 2005 19:43:04 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3FBB543D48 for ; Wed, 12 Oct 2005 19:43:03 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by zproxy.gmail.com with SMTP id z31so172921nzd for ; Wed, 12 Oct 2005 12:43:03 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=JZ9i/rGBvYbuV7ojpoZw2S6XNHOYqsV5/rIr6YEn0QxKH0OUzxUaXgxAKgc32f6e62oTS2n7doGvNiMSRND8kbH9ovK4g0Y4IzfgXdz2Pv68z7Fl/7RpOVtnnsybxDz2nPt7a+pVWOgyzxroAutOGQfpfJMRG+VzrByAnx10TYA= Received: by 10.36.22.10 with SMTP id 10mr1473890nzv; Wed, 12 Oct 2005 12:43:01 -0700 (PDT) Received: by 10.37.20.34 with HTTP; Wed, 12 Oct 2005 12:43:01 -0700 (PDT) Message-ID: Date: Wed, 12 Oct 2005 23:43:01 +0400 From: "Andrew P." To: David Kirchner In-Reply-To: <35c231bf0510121155h55f8fae8r93fb25a9f01ca3f4@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <4B3EE484EEA4F344BBB62F8316489986467895@corpsrv.RedMoon.local> <35c231bf0510121155h55f8fae8r93fb25a9f01ca3f4@mail.gmail.com> Cc: freebsd-questions@freebsd.org, Cody Holland Subject: Re: Patch vs. Upgrade X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2005 19:43:04 -0000 On 10/12/05, David Kirchner wrote: > On 10/12/05, Cody Holland wrote: > > Thanks for the response. I did a terrible job of asking the correct > > question to get the response I wanted. I do know to cvsup the source > > and build/make world. I currently have 4 FreeBSD servers in production > > serving various tasks. The question I should have been asking is: > > Is using the security patches provided by the FreeBSD maintainers as > > good as actually updating the whole server? What are the pros and cons > > of using the security patches vs. full source upgrade via cvsup? > > If you cvsup, you're going to get more than just security patches. > Basically, program functions could change in unexpected ways (unless > you read /usr/src/UPDATING and it contains everything changed). When > you do the specific security patch, you're reducing change, and thus > reducing the chance of something else going "wrong" for you. > > It's probably safest to just do the security patch. However, if you > ask questions about it on the mailing lists, your "uname -a" output > won't be a complete picture of what has been patched. If you use the > cvsup method, I believe your uname will show something like > '5.4-RELEASE-p7'. Of course, most mailing list replies will be to > upgrade to 6.0 or 7.0 but that's a side issue. :) > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" > That's just not true. Cvsupping to something like RELENG_5_4 will do exactly the same thing as a patch, only it's the hassle-free way. You see a sec-advisory, you type "cvsup -g -L 2 mysup" recompile what's suggested in the advisory, or the whole world - and you're done. On the contrary to your latter statement, if you start describing your problem with "I'm on FreeBSD-Current", you'll be advised to downgrade to Stable at least.