From owner-freebsd-questions@FreeBSD.ORG Thu Apr 10 07:09:24 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A178C37B401 for ; Thu, 10 Apr 2003 07:09:24 -0700 (PDT) Received: from mta01-svc.ntlworld.com (mta01-svc.ntlworld.com [62.253.162.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id A4C9643F3F for ; Thu, 10 Apr 2003 07:09:22 -0700 (PDT) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from piii600.wadham.ox.ac.uk ([81.103.196.4]) by mta01-svc.ntlworld.comESMTP <20030410140920.XVTE6166.mta01-svc.ntlworld.com@piii600.wadham.ox.ac.uk>; Thu, 10 Apr 2003 15:09:20 +0100 Message-Id: <5.0.2.1.1.20030410145629.030f7308@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Thu, 10 Apr 2003 15:09:19 +0100 To: freebsd-questions@freebsd.org From: Colin Percival In-Reply-To: <5.0.2.1.1.20030410145601.01dc0c30@popserver.sfu.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed cc: Colin Percival Subject: Re: Questions about patches X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Apr 2003 14:09:24 -0000 At Tue, 8 Apr 2003 18:24:59 -0700, Chris Miller wrote: >I've scoured the FreeBSD site and other resources for a >couple of days, but I've found no binary way of patching the OS as I'm >accustomed to doing with BSD/OS and RedHat. So my first question is; >Is/will there be a better method of patching the core OS in the future >that addresses only the affected components? You're probably looking for http://www.daemonology.net/freebsd-update/ It only addresses the core OS, and only works if you're starting from a binary install of FreeBSD, but it will keep you up to date on the appropriate security branch. I'm building updates for 4.7 and 4.8 right now, but if you don't trust me (and there's no reason why you should) the code is there for anyone to build the updates themselves. Hopefully this will get into the ports tree some day (*cough* ports/50202 *cough*) but it isn't there yet. > From what I can surmise, the proceedure for patching >applications in a multi server environment is to update the ports tree and >to build/install/test these on a build server, and then package them up >and install them remotely via pkg_add. Questions; 1. Is this the best way >to apply patches to applications? 2. Are there any plans to provide a >better notification system when applications are patched similar to what >RedHat has done with Bugzilla? Yes, that's probably the best way to keep your installed ports up to date. Go to freshports.org and register to receive email about updates to the ports you use. Colin Percival PS. I'm not subscribed to -questions, so make sure you CC me if you expect a response.