View Single Post
  #2   (View Single Post)  
Old 2nd October 2008
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by guitarscn View Post
...for security/stability purposes, is it best to just run -Release until the next -Release version, or would running with -Stable be a good choice?
Your question is basically asking what are the differences between -release & -stable.
  • -release is static. Once the CVS tree has been formally tagged, the files associated with -release for that particular version will never change. Ever.
  • Any patches made are checked into the -stable branch. Checking out the CVS tree at any particular moment will get the most up-to-date patched version of -release. This would lead one to believe that:
    -stable = -release + published patches
    There was a time when the FAQ mentioned a caveat saying that -stable may additionally contain some minor changes which were considered insufficiently worthy of a published patch for -release. This implied:
    -stable + minor patches >= -release + published patches
    This caveat was removed from the FAQ several releases ago. Although I cannot prove it, I suspect it is fair to assume that this is still the case. Do these minor patches have security/stability implications? Probably not. Most can probably be deemed cosmetic.
As for recommending whether one should run -release or -stable, it depends upon your needs, skill set, hardware resources, & willingness to spend time maintaining your system(s). Obviously a patched installation is more secure/stable than an installation which is not. Whether you go with patching -release or go with -stable is a personal choice. Personally, if these were my two choices I would go with the latter because most of my systems can support compiling.

If your line of questioning is really asking whether there has ever been a patch which has in turn required another patch, search through what information can be found at the following:

http://openbsd.org/errata43.html

This page chronicles all patches issued for all versions.

There is a corollary to this topic which needs to be mentioned. If your data is vital to your business or valuable merely as a property, back it up, & back it up often. Mistakes & disasters happen. The true measure of a sysadmin is not allowing the incident be catastrophic. Being prepared to deal with the situation is the best plan, & having up-to-date backups of important data is a necessary first step.
Reply With Quote