Thread: stable ports
View Single Post
  #2   (View Single Post)  
Old 24th March 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by marconi View Post
Can system with this method of patching be secure enough like system with rebuilded kernel and binares from stable source?
Welcome!

The -stable branch may contain fixes which were not deemed important enough to warrant the creation of a patch for -release. In terms of an equation:

-stable >= -release + installing all published patches.
To say whether these additional fixes to the -stable branch have any security implications, I suspect they don't, but this is an opinion. If these fixes had security implications of worth, the developers would make them available as publicly available patches to -release too.
Quote:
Can i now use stable ports tree, or i must to rebuild kernel and binares from stable source before that?
Technically, there are no library differences between -release & -stable. Section 15.4.1 of the FAQ also states:

Because no intrusive changes are made in -stable, it is possible to use a -stable ports tree on a -release system, and vice versa. There is no need to update all your installed packages after applying a few errata patches to your system.
Quote:
If i get stable source with cvs and rebuild kernel and binares, how to know or to check when he created a new stable?
Watch the errata page for published patches. Also, track the -stable CVS branch & look for check-in's to this branch. The cvs(1) manpage will give you information on what CVS commands will be needed. Information on how to download the -stable branch can be found in Section 5.3.3 of the FAQ.

Last edited by ocicat; 25th March 2012 at 01:13 AM.
Reply With Quote