From owner-freebsd-questions@FreeBSD.ORG Fri Dec 30 14:55:35 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 65A391065675 for ; Fri, 30 Dec 2011 14:55:35 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id E7E948FC12 for ; Fri, 30 Dec 2011 14:55:34 +0000 (UTC) Received: by wgbdr11 with SMTP id dr11so24260384wgb.31 for ; Fri, 30 Dec 2011 06:55:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=tyMpdRx/D6ABhmLS9PsR1ceHSdJxvv0dufYal53SY58=; b=rUf2omk0Bdr9o88DljkiTb8JfsUyjuBaAqjwJgXBOKfs8QBsMw0I2ST1sumxj73xqg Fy1XitH3NaybX4NTNDOaqPZiaT9mzQuY9oRIs8CQ2Ul7Fn/sNLldN7bnHxaauTPzvfo2 xvWCEB5OqCQovYgPzYaVKppQNCJF988izzJps= Received: by 10.227.205.85 with SMTP id fp21mr17388528wbb.6.1325256933832; Fri, 30 Dec 2011 06:55:33 -0800 (PST) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id fi11sm39830273wbb.9.2011.12.30.06.55.32 (version=SSLv3 cipher=OTHER); Fri, 30 Dec 2011 06:55:32 -0800 (PST) Date: Fri, 30 Dec 2011 14:55:30 +0000 From: RW To: freebsd-questions@freebsd.org Message-ID: <20111230145530.565330d5@gumby.homeunix.com> In-Reply-To: <20111230143117.7ed3e449.freebsd@edvax.de> References: <20111229161611.GA81214@chancha.local> <51AF4F0E-AD5A-4D0A-BC33-4C452B2D1650@mac.com> <20111229185325.GA56404@chancha.local> <20111230131435.43bc218f@gumby.homeunix.com> <20111230143117.7ed3e449.freebsd@edvax.de> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Same version on binary packages and updated ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Dec 2011 14:55:35 -0000 On Fri, 30 Dec 2011 14:31:17 +0100 Polytropon wrote: > On Fri, 30 Dec 2011 13:14:35 +0000, RW wrote: > > One strategy is to use csup to only update the port tree to release > > tags and so use successive release packages as you update the base > > system. You need to check portaudit for vulnerabilities. > > For such tasks, csup provides a good basis for explicitely > specifying a RELEASE or security patch level. This can be > applied to both the sources and the ports tree (of the > corresponding date). You would use the tag that was used for the tree on the disk. > > An alternative is to use stable packages. There are two problems > In this case, I would also suggest using the compiling > approach. Binary packages don't give you the flexibility > to follow -STABLE or -RELEASE-p that closely in > time. If you are going to compile you might as well use a release security branch. I was describing how to avoid a specific pitfall with STABLE packages. There's no need to keep world and port versions closely matched, the only time there is any connection between the two is when the ports tree is tagged for building release packages. It's a matter of policy that older packages will work with later worlds on the same stable branch. The issue is that some ports may build different packages, with identical package names, depending whether they are built before or after a new feature has been MFC'ed into STABLE.