On Wed, 1 Apr 2009 16:40:54 +0100 Alun Eyre <alun.e...@btopenworld.com> wrote:
> Hi, > > I have pre-ordered 4.5 on CD, and have been reading the FAQ's, > man pages, mailing list archives, etc for some background on how to > keep the system up to date once installed. > > I understand I could follow stable, or current. If I follow stable, > are security updates for ports and packages released to stable, or > just updates to the core release? > > I know I could get updates to both core release and ports if I follow > current, but as this is going to be a production server, I would not > feel comfortable running it in on current. > > What is the best practise within OpenBSD to keep both the core > and ports/packages up to date security-wise on the 4.5 release? > > Thanks, > > > Al. The ports -STABLE tree is no longer supported, so what is there on release is what you'll run. Due to the modifications to the OpenBSD compiler and other security measures in the system even the -STABLE ports are better protected than on other systems. If an exploit is found in one of the ports as it is built/run on other systems, the exploit will often fail on OpenBSD. *outside* of the official openbsd project some ports for -STABLE are updated by people who have an interest in doing specific security updates to specific ports. You can find the *unoffical* patches here: http://openbsd.rutgers.edu/ The above requires you to learn how to build your own software within the ports tree, rather than the typical (and suggested) route for new users to use the available packages (i.e. pre-compiled ports). If you're starting off, just stick with following -STABLE until you learn the system. It's the best way to keep things simple while you're learning, and it's also a great way to keep things simple when running production servers. -- J.C. Roberts
