Date: Tue, 17 Jun 2008 06:39:58 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: cco1817-0@yahoo.de Cc: freebsd-questions@freebsd.org Subject: Re: Release engineering process confusions and "make (build)world" Message-ID: <48574E2E.4030508@infracaninophile.co.uk> In-Reply-To: <122990.26809.qm@web27607.mail.ukl.yahoo.com> References: <122990.26809.qm@web27607.mail.ukl.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig892754361D48099F354C3B81
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
cco1817-0@yahoo.de wrote:
> 1. Some SA's say that the a bug is corrected in a particular RELENG
> or RELEASE or a patched RELEASE. For example FreeBSD-SA-08:05.openssh
> states that >>RELENG_7_0, 7.0-RELEASE-p1<<. But where can I get a
> -p1??? I've never seen iso-images for a x.y-RELEASE-pnn. Is this the
> time where I need to build a release (as iso-image) by myself? If so,
> what branch-tag do I need to get 7.0-RELEASE-p1?>=20
If you use c(v)sup or freebsd-update to track one of the security branche=
s
(eg RELENG_7_0) then with each patch release you'll also get updates to
the version number as reported by the system. (ie. you get a re-compiled=
kernel with an updated version compiled into it).
If you track one of the security branches by applying the patches
distributed in the advisories, functionally you'll have the same effect -=
-
the security holes will be patched, etc. -- but unless the flaw is in
the kernel code, you won't get a new kernel, hence no change to the
version number the system reports.
It's a toss-up. Either you do the minimal amount of work needed to=20
secure and maintain your system, or you take a bit more time and
effort and you reboot a bit more frequently and you get a system that
also records what updates have been applied. Which of those you choose
is entirely a matter of local policy.
There is extensive information in the handbook about all the different
mechanisms that exist for tracking any of the various development or
security branches. There should also be snapshot iso-images generated
from development branches on a regular schedule, not that that helps
with your specific question:
http://www.freebsd.org/snapshots/
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
--------------enig892754361D48099F354C3B81
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREIAAYFAkhXTjYACgkQ8Mjk52CukIzQ7ACffTf0tF7O+EbcPZJHf5Fca9m5
P/EAn0xgi0WLqQviE0I3/j7pZCdfLZ7y
=dd9C
-----END PGP SIGNATURE-----
--------------enig892754361D48099F354C3B81--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48574E2E.4030508>