From owner-freebsd-questions@FreeBSD.ORG Wed Oct 3 08:43:27 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B57C016A421 for ; Wed, 3 Oct 2007 08:43:27 +0000 (UTC) (envelope-from stwalley2004@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.240]) by mx1.freebsd.org (Postfix) with ESMTP id 7886813C465 for ; Wed, 3 Oct 2007 08:43:27 +0000 (UTC) (envelope-from stwalley2004@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so908617anc for ; Wed, 03 Oct 2007 01:43:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=qiLAvwl8CKWG4q11VT3iyXymKWwH+r5Mfjt8R+pLMu4=; b=gGlrLWvt/heWX0oG/N7Q2Dn0UCZHr6yoduh98yagQ/AQcPMMuU0HoHG1Gr2lNn3oHRWa3c3/btraVS8zOytR6xOWzfaa02uosGoIZFt8XzrftjG2OMJCFUxPKSdn4UgLmanObaeL7Rv50x89B53d5saT32Hv067QivQi8+AgxNE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=H+gLbe+JPQF+KLp+uM5la9z/IkQw2B8/EQDsiIdgXBsp4A3+U9HYED3rYEFoehE9muC7MT1s7w0PGWZQ6H2kWgocJGUhVkZw9jSfds51OGKErPA36HtQ1w/T3SX8hPXk5fXKgkJu6rPi4G1OyWjVacuNmXWeSIABnPwMc+ijxUQ= Received: by 10.142.141.5 with SMTP id o5mr465479wfd.1191401006033; Wed, 03 Oct 2007 01:43:26 -0700 (PDT) Received: by 10.142.185.1 with HTTP; Wed, 3 Oct 2007 01:43:26 -0700 (PDT) Message-ID: <687f2b920710030143w188eba97sac9858f70015fe90@mail.gmail.com> Date: Wed, 3 Oct 2007 04:43:26 -0400 From: "Bill Stwalley" To: "Rakhesh Sasidharan" In-Reply-To: <20070930110108.T79156@obelix.home.rakhesh.com> MIME-Version: 1.0 References: <687f2b920709262347l23b3d6cfv3969ea804f4963c3@mail.gmail.com> <20070930110108.T79156@obelix.home.rakhesh.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: too late to change to security branch? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Oct 2007 08:43:27 -0000 On 9/30/07, Rakhesh Sasidharan wrote: > > > Hi Bill! > > > I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs > to > > install binary security update to the base system, and use > cvsup/portupgrade > > in cron jobs to install port updates. By default, cvsup uses CURRENT > > branch. > > The ports system doesn't have any branches. The same tree is used between > all the different FreeBSD branches so you can't just track security > updates only. You track it using portupgrade/ cvsup. > > The base system has many branches. In your case, you seem to be following > the security branches for 6.1 and 6.2 using freebsd-update. > > > I am tired of some updates breaking something unnecessarily, and am > thinking > > of changing to SECURITY branch in cvsup. Is that possible? Some of my > > ports are already locally compiled with customized options. > > Maybe you can provide more info on what's breaking? > > I use FreeBSD for a couple of headless machines. No X and other stuff, but > I haven't had any breakages so far. *touchwood* Do go though the UPDATING > file to check out any gotchas before updating. > > HTH, > > > - Rakhesh > http://rakhesh.net/ > I'm grateful to all your clarifications, as I feel this operation system is really supported with care. Our uw-imap was broken recently for a few days as people could not login, so I had to switch to dovecot. Nothing was mentioned in the UPDATING file, although there was indeed a big update of uw-imap. I only got relieved after finding http://lists.freebsd.org/pipermail/freebsd-ports/2007-October/044051.htmlposted a couple days later. Things similar to this, although to less extent, did happen once a couple months, sometimes the "postfix" and other startup scripts in /usr/local/etc/rc.d/ will be renamed to "postfix.sh" or vice verser by port upgrade, that broke my other scripts. As everyone appears to suggest against updating ports in cron job and suggest reading UPDATING instead and then updating by hand, I'm really curious: Is it practical to do that when you manage a dozen servers? I imagine doing that alone would be a substantial job. However crontab updated ports do take down services from time to time. Best, Bill