Quote:
Originally Posted by marconi
Can a system with this method of patching be secure enough, like a system with a rebuilt kernel and binaries from stable source?
Welcome!
The -stable branch may contain fixes which were not deemed important enough to warrant the creation of a patch for -release. In terms of an equation:
-stable >= -release + installing all published patches.
To say whether these additional fixes to the -stable branch have any security implications, I suspect they don't, but this is an opinion. If these fixes had security implications of worth, the developers would make them available as publicly available patches to -release too.
Quote:
Can I now use the stable ports tree, or must I rebuild the kernel and binaries from stable source before that?
Technically, there are no library differences between -release & -stable.
Section 15.4.1 of the FAQ also states:
Because no intrusive changes are made in -stable, it is possible to use a -stable ports tree on a -release system, and vice versa. There is no need to update all your installed packages after applying a few errata patches to your system.
Quote:
If I get the stable source with cvs and rebuild the kernel and binaries, how do I know or check when he created a new stable?
Watch the errata page for published patches. Also, track the -stable CVS branch & look for check-ins to this branch. The cvs(1) manpage will give you information on what CVS commands will be needed. Information on how to download the -stable branch can be found in Section 5.3.3 of the FAQ.