Erik Trulsson wrote:
On Sat, Feb 10, 2007 at 03:41:58PM -0800, Michael wrote:
Erik Trulsson wrote:
On Sat, Feb 10, 2007 at 02:06:37PM -0800, Michael wrote:
Hello everyone,

I'm building a production server and I have what may seem to be a very simple question so I hope it only requires a simple answer.

As I've studied the FreeBSD Handbook as well as the man pages for this, it's still not clear to me which tag I should use for a production server.

For my sources I always use the security branch for the release we are using so that they stay stable and also plug most of the security issues as they arise and so the sources tag is always RELENG_6_2.

For the ports, the default tag is always tag=. which I'm not sure is the best thing for a production server since that's the tag for -CURRENT. On one hand it makes sense to track that branch for ports because that's where fixes would go for applications as they find them, but I'm not convinced this is the best thing for a production server and wonder if I should also use the security branch for the ports.

My first question is, do any real security fixes go into the ports when you pull from a security branch? In other words, do maintainers actually submit fixes to that branch for the ports?

I have a similar question for the docs as well, should we be tracking only the security branch when using cvsup for sources, ports and docs?

Neither the ports tree nor the docs tree is branched.  I.e. there is no
security branch for ports.
On the other hand you are not required to update installed ports/packages
just because you update the ports tree.


What do you mean they aren't branched? Of course they are or they wouldn't be in cvs and if I changed the tag, it wouldn't do anything (they wouldn't change on running cvsup), but they do change (ports get deleted/added/edited), so I'm not following you here.

Can you elaborate on what you mean?

What I mean is that the ports tree only has a single CVS branch, HEAD, which
is what you get with tag=.
There are no other branches. (Unlike the src/ tree which does have several
different branches in addition to HEAD.)
There are tags (like RELEASE_6_2_0 or RELEASE_5_2_1) that identify the ports
tree at some specific point in time.
If you update the ports tree with e.g. tag=RELEASE_6_2_0 you will get the
ports tree in the same state as was shipped with FreeBSD 6.2-RELEASE.
If you use the same tag a couple of months later you will get exactly the
same thing - the ports tree as was shipped with FreeBSD 6.2-RELEASE.

If you want to get updates to the ports tree you will have to use tag=. or
wait until a new release has been made and use the tag corresponding to that
particular release.


OK, that makes sense. Now getting back to my original question, if you are running a production server, does it make sense to pull down ports which are under the -CURRENT tag=. or should anyone who's running a production server just stick with what's in the current release ports? Would I benefit more from pulling down the most current ports because it offers the most up to date packages? If neither is safer then I think it's probably ok to just continue to pull down the most current, if that's not true then I should probably just use the ports which came with the release. This is what I'd like people's comments on more than anything else.

Thanks for your feedback, I really appreciate it.

Michael Lawver
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions