From owner-freebsd-questions@FreeBSD.ORG Thu Oct 4 20:34:32 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 098A516A419 for ; Thu, 4 Oct 2007 20:34:32 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18]) by mx1.freebsd.org (Postfix) with ESMTP id A3DE713C4B3 for ; Thu, 4 Oct 2007 20:34:31 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from localhost (localhost [127.0.0.1]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id l94KYQ8I095201; Thu, 4 Oct 2007 15:34:26 -0500 (CDT) (envelope-from kdk@daleco.biz) X-Virus-Scanned: amavisd-new at daleco.biz Received: from ezekiel.daleco.biz ([127.0.0.1]) by localhost (ezekiel.daleco.biz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id RMakEGTSEDRJ; Thu, 4 Oct 2007 15:34:17 -0500 (CDT) Received: from archangel.daleco.biz (dsl.daleco.biz [209.125.108.70]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id l94KYCl0095153; Thu, 4 Oct 2007 15:34:13 -0500 (CDT) (envelope-from kdk@daleco.biz) Message-ID: <47054E3F.1060709@daleco.biz> Date: Thu, 04 Oct 2007 15:34:07 -0500 From: Kevin Kinsey User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.2) Gecko/20070418 SeaMonkey/1.1.1 MIME-Version: 1.0 To: Bill Stwalley References: <687f2b920709262347l23b3d6cfv3969ea804f4963c3@mail.gmail.com> <20070930110108.T79156@obelix.home.rakhesh.com> <687f2b920710030143w188eba97sac9858f70015fe90@mail.gmail.com> In-Reply-To: <687f2b920710030143w188eba97sac9858f70015fe90@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: too late to change to security branch? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Oct 2007 20:34:32 -0000 Bill Stwalley wrote: > On 9/30/07, Rakhesh Sasidharan wrote: >> >> Hi Bill! >> >>> I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs >> to >>> install binary security update to the base system, and use >> cvsup/portupgrade >>> in cron jobs to install port updates. By default, cvsup uses CURRENT >>> branch. >> The ports system doesn't have any branches. The same tree is used between >> all the different FreeBSD branches so you can't just track security >> updates only. You track it using portupgrade/ cvsup. >> >> The base system has many branches. In your case, you seem to be following >> the security branches for 6.1 and 6.2 using freebsd-update. >> >>> I am tired of some updates breaking something unnecessarily, and am >> thinking >>> of changing to SECURITY branch in cvsup. Is that possible? Some of my >>> ports are already locally compiled with customized options. >> Maybe you can provide more info on what's breaking? >> >> I use FreeBSD for a couple of headless machines. No X and other stuff, but >> I haven't had any breakages so far. *touchwood* Do go though the UPDATING >> file to check out any gotchas before updating. >> >> HTH, >> >> >> - Rakhesh >> http://rakhesh.net/ >> > > I'm grateful to all your clarifications, as I feel this operation system is > really supported with care. > > Our uw-imap was broken recently for a few days as people could not login, so > I had to switch to dovecot. Nothing was mentioned in the UPDATING file, > although there was indeed a big update of uw-imap. I only got relieved > after finding > http://lists.freebsd.org/pipermail/freebsd-ports/2007-October/044051.htmlposted > a couple days later. > > Things similar to this, although to less extent, did happen once a couple > months, sometimes the "postfix" and other startup scripts in > /usr/local/etc/rc.d/ will be renamed to "postfix.sh" or vice verser by port > upgrade, that broke my other scripts. > > As everyone appears to suggest against updating ports in cron job and > suggest reading UPDATING instead and then updating by hand, I'm really > curious: Is it practical to do that when you manage a dozen servers? I > imagine doing that alone would be a substantial job. However crontab > updated ports do take down services from time to time. > > Best, Bill In the Handbook, Chapter 23.5, is one plan: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html HTH, Kevin Kinsey -- APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis