Hi Nicolas, please also read the FAQ on www.openbsd.org.
Nicolas Letellier schrieb am Wed, Jan 02, 2008 at 10:50:43PM +0100: > If I want the last packages/ports, I use a -current system, with > -current ports tree. Last updates of softwares are in -current. Right. > On the other hand, they're developpement versions, No, mostly wrong. The ports in the -current ports tree are usually ports of stable upstream releases. That's actually an established policy. There are some exceptions where upstream development versions get built by the ports tree, for example given any of the following conditions: - lack of any stable upstream distribution - stable upstream distribution hopelessly outdated and upstream development distribution reasonably solid - vastly different upstream stable and dev distributions and considerable interest to have each of them available > If I want a *very* stable system (in production for example), > I use -release or -stable system. You can also use -current snapshots. It requires a bit more experience (ability to act when it's needed, and ability to realize when action is needed), and a bit more work (slightly more frequent upgrades, say half a doven or a dozen times a year instead of twice a year). > On the other hand, packages and ports are not updated even it's > necessary (for example, the last mozilla-firefox is in 2.0.0.6 > in ports tree -release and 2.0.0.10 in -current port tree). If you build a specialized server running two or three daemons, watch the relevant commits, understand them and backport them yourself when needed. In many cases, the task of backporting one single ports security fix to -stable is manageable. In case you fail, pay someone for doing that particular job for you (in case you know any IT consultant with sufficient programming skills). If you build a desktop system requiring 327639245120 packages, personally, IN THE CURRENT EXCEPTIONAL SITUATION, i would suggest to just run a -current snapshot. Should the -stable ports tree ever get resurrected (which could hopefully happen), i shall not uphold that suggestion. > If I use openbsd, it's for security and stability. > Or, I must do a choice between: > * stability (-stable, -release) No, you never run -release. That's not secure. You run -current, -stable or -release+patches. > with no security updates of packages/ports, > * security (-current) with a less stability. > > Why does OpenBSD team not make a -stable branch of the port tree ? > It's necessary to security. > What method does recommend to have updated applications > in -stable or -release ? That's a frequently answered question, read the archives and take care not to get yourself flamed. In a nutshell: OpenBSD is a system maintained by a bunch of people for their own enjoyment and use. For those people, the developers, there is no choice between security and stability, they just run -current, so they get BOTH security and stability - or else, in case they break the CVS, they will be gently shot down by Theo. ;-) Popularity is not among the OpenBSD project goals. That it's an excellent system for non-developers to use, too, is mostly a fortunate accident - even though that's not a matter of luck, but a direct, necessary consequence of the project goals and the team sticking to them, of course.
