From owner-freebsd-stable  Sat Dec 28  8:52:43 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D9CA637B401
	for <freebsd-stable@FreeBSD.ORG>; Sat, 28 Dec 2002 08:52:41 -0800 (PST)
Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 948B743EB2
	for <freebsd-stable@FreeBSD.ORG>; Sat, 28 Dec 2002 08:52:40 -0800 (PST)
	(envelope-from colin.percival@wadham.ox.ac.uk)
Received: from piii600.wadham.ox.ac.uk ([62.254.149.90])
          by mta03-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20021228165239.RPZQ4699.mta03-svc.ntlworld.com@piii600.wadham.ox.ac.uk>;
          Sat, 28 Dec 2002 16:52:39 +0000
Message-Id: <5.0.2.1.1.20021228163827.03718940@popserver.sfu.ca>
X-Sender: cperciva@popserver.sfu.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Sat, 28 Dec 2002 16:52:31 +0000
To: "Murat Bicer" <murat+freebsd@bicer.org>,
	freebsd-stable@FreeBSD.ORG
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
Subject: Re: Security updates on freebsd stable
In-Reply-To: <20021228162832.3F26C17C92@www.fastmail.fm>
References: <3E0DCE12.5020707@tundraware.com>
 <3E0DCE12.5020707@tundraware.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

At 11:28 28/12/2002 -0500, Murat Bicer wrote:
>Once I choose to use a stable version of freebsd, What are the ways to
>apply a security patch to all these servers?

   The canonical solution is to track RELENG_4_x by building on one machine 
and installing over NFS; see 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html 
for details.  A few days ago I released a binary updates system, but I 
wouldn't suggest using it unless you know what you're doing.

>I need to automate this for 10000 servers.

   That's a lot of servers.  What are they all doing?  If you're dealing 
with a failure-tolerant cluster, you'll have much more freedom in how you 
upgrade things than if the machines operate independently.

Colin Percival



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message