Hi,
Thanks for info and link.
Kind regards,
Al.
On 1 Apr 2009, at 19:24, J.C. Roberts wrote:
On Wed, 1 Apr 2009 16:40:54 +0100 Alun Eyre
<alun.e...@btopenworld.com>
wrote:
Hi,
I have pre-ordered 4.5 on CD, and have been reading the FAQ's,
man pages, mailing list archives, etc for some background on how to
keep the system up to date once installed.
I understand I could follow stable, or current. If I follow stable,
are security updates for ports and packages released to stable, or
just updates to the core release?
I know I could get updates to both core release and ports if I follow
current, but as this is going to be a production server, I would not
feel comfortable running it in on current.
What is the best practise within OpenBSD to keep both the core
and ports/packages up to date security-wise on the 4.5 release?
Thanks,
Al.
The ports -STABLE tree is no longer supported, so what is there on
release is what you'll run. Due to the modifications to the OpenBSD
compiler and other security measures in the system even the -STABLE
ports are better protected than on other systems. If an exploit is
found in one of the ports as it is built/run on other systems, the
exploit will often fail on OpenBSD.
*outside* of the official openbsd project some ports for -STABLE are
updated by people who have an interest in doing specific security
updates to specific ports. You can find the *unoffical* patches here:
http://openbsd.rutgers.edu/
The above requires you to learn how to build your own software within
the ports tree, rather than the typical (and suggested) route for new
users to use the available packages (i.e. pre-compiled ports).
If you're starting off, just stick with following -STABLE until you
learn the system. It's the best way to keep things simple while you're
learning, and it's also a great way to keep things simple when running
production servers.
--
J.C. Roberts
