Date: Thu, 7 Mar 2002 09:01:12 -0800 (PST) From: David Wolfskill <david@catwhisker.org> To: hawkeyd@visi.com Cc: stable@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Message-ID: <200203071701.g27H1CH24303@bunrab.catwhisker.org> In-Reply-To: <200203071642.g27GgKa66947@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Thu, 7 Mar 2002 10:42:20 -0600 (CST)
>From: hawkeyd@visi.com (D J Hawkey Jr)
>Slightly off-topic, but how stable is -STABLE these days?
Since last March, when I got my laptop, I started tracking -STABLE on
that laptop daily. On a different slice of the disk, I started
tracking -CURRENT (also daily). [There were a few lapses for when I was
travelinig and had no Internet access, as well as a few when -CURRENT
wouldn't build.]
Last August, I built a "build machine"; now it handles the CVS
repository mirroring (instead of doing it directly to my laptop. I then
sync the CVS repository on the laptop to the one on the build machine.
I still track both -STABLE and -CURRENT on my laptop daily, but I also
do it on my build machine.
Around September, I decided to start taking advantage of the build
machine in another way: every alternate Sunday, after the normal
build cycle for the day is done, and I'm reasonably comfortable
with the changes in the last 2 weeks, I build custom kernels on the
build machine for each of an internal server ("bunrab", which is
the machine on which I'm composing this message (though the keyboard
is that of my laptop, which is building today's -CURRENT as I type);
it is also the machine that responds to HTTP requests to
www.catwhisker.org) and my firewall machine.
I then proceed to "clone" the running slice over to a different one (1
-> 2 or 2 -> 1), tweak the new /etc/fstab, re-boot from the target slice
of that "clone" operation (thus, if I see a problem, the quick fall-back
is to re-boot from the old slice), then do an NFS install from the build
machine, followed by the usual mergemaster && reboot.
This process has been working well for me since I started it. I should
probably automate it a little more, but for my perceived requirements,
it seems to strike a comfortable balance.
For bunrab:
bunrab(4.5-S)[1] uname -a
FreeBSD bunrab.catwhisker.org 4.5-STABLE FreeBSD 4.5-STABLE #12: Sun Mar 3 07:25:56 PST 2002 root@freebeast.catwhisker.org:/common/S1/obj/usr/src/sys/BUNRAB i386
bunrab(4.5-S)[2]
Note that although I believe that perfection is a worthwhile goal,
rather than designing the process assuming that it will be achieved, I
plan to have a fallback that is nearly minimally disruptive as I can
manage. So far, I have yet to perform the fallback procedure.
Cheers,
david (links to my resume at http://www.catwhisker.org/~david)
--
David H. Wolfskill david@catwhisker.org
I believe it would be irresponsible (and thus, unethical) for me to advise,
recommend, or support the use of any product that is or depends on any
Microsoft product for any purpose other than personal amusement.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203071701.g27H1CH24303>