[EMAIL PROTECTED] wrote:
1. Some SA's say that the a bug is corrected in a particular RELENG or RELEASE or a patched RELEASE. For example FreeBSD-SA-08:05.openssh states that >>RELENG_7_0, 7.0-RELEASE-p1<<. But where can I get a -p1??? I've never seen iso-images for a x.y-RELEASE-pnn. Is this the time where I need to build a release (as iso-image) by myself? If so,what branch-tag do I need to get 7.0-RELEASE-p1?>
If you use c(v)sup or freebsd-update to track one of the security branches (eg RELENG_7_0) then with each patch release you'll also get updates to the version number as reported by the system. (ie. you get a re-compiled kernel with an updated version compiled into it). If you track one of the security branches by applying the patches distributed in the advisories, functionally you'll have the same effect -- the security holes will be patched, etc. -- but unless the flaw is in the kernel code, you won't get a new kernel, hence no change to the version number the system reports.It's a toss-up. Either you do the minimal amount of work needed to secure and maintain your system, or you take a bit more time and
effort and you reboot a bit more frequently and you get a system that also records what updates have been applied. Which of those you choose is entirely a matter of local policy. There is extensive information in the handbook about all the different mechanisms that exist for tracking any of the various development or security branches. There should also be snapshot iso-images generated from development branches on a regular schedule, not that that helps with your specific question: http://www.freebsd.org/snapshots/ Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
