Date: Sat, 28 Dec 2002 11:48:43 -0500 From: Bosko Milekic <bmilekic@unixdaemons.com> To: Murat Bicer <murat+freebsd@bicer.org> Cc: freebsd-stable@freebsd.org Subject: Re: Security updates on freebsd stable Message-ID: <20021228114843.A14054@unixdaemons.com> In-Reply-To: <20021228162832.3F26C17C92@www.fastmail.fm>; from murat%2Bfreebsd@bicer.org on Sat, Dec 28, 2002 at 11:28:32AM -0500 References: <3E0DCE12.5020707@tundraware.com> <20021228162832.3F26C17C92@www.fastmail.fm>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Dec 28, 2002 at 11:28:32AM -0500, Murat Bicer wrote: > Once I choose to use a stable version of freebsd, What are the ways to > apply a security patch to all these servers? > > I need to automate this for 10000 servers. > > All feedback appreciated. > > Murat You can do several things, depending on your needs. If these are production servers then I would not recommend just blindly having them cvsup RELENG_4 and rebuilding themselves every couple of weeks. Instead, you may want to have one machine store and NFS export the source. Then, you can occasionally cvsup fresh RELENG_4 to that one machine and have the others mount the exported NFS partition and build using the same sources, once you know the bits you have are stable. Otherwise, you could just keep a version of the RELENG_4 sources on that one machine that you know are stable and occasionally apply your security patches to that one machine which would again export the sources via NFS. You could then build using the NFS mounted sources with a local object target on each server, as needed. This is how I do it here and it works pretty well. -- Bosko Milekic * bmilekic@unixdaemons.com * bmilekic@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021228114843.A14054>