Date:      Sat, 27 Sep 2003 23:49:49 +0100
From:      Bruce M Simpson <bms@spc.org>
To:        "V. Jones" <vjones62@earthlink.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Patch question
Message-ID:  <20030927224949.GB11185@saboteur.dek.spc.org>
In-Reply-To: <11778415.1064691636010.JavaMail.root@skeeter.psp.pas.earthlink.net>
References:  <11778415.1064691636010.JavaMail.root@skeeter.psp.pas.earthlink.net>

On Sat, Sep 27, 2003 at 03:40:35PM -0400, V. Jones wrote:
> Thanks to everyone who responded - my question really had more to do with applying patches as they are presented in the various security advisories.  It sounds like most of you don't do it that way; it sounds like you track freebsd-stable using cvsup.  However, section 21.2.2.2 of the handbook seems to advise against doing this when all you want to do is apply security fixes:
> 
> "While it is true that security fixes also go into the FreeBSD-STABLE branch, you do not need to track FreeBSD-STABLE to do this. Every security advisory for FreeBSD explains how to fix the problem for the releases it affects [1] , and tracking an entire development branch just for security reasons is likely to bring in a lot of unwanted changes as well."

You can track a RELEASE branch instead; this is one reason for their
existence. Only security-officer@ has the power to mandate that a patch
be committed to a release branch after it has been released.

This is what I do for my production machines.

BMS

