Xin LI wrote: > Dear folks, > > I'm recently investigating large scale deployment and upgrading FreeBSD > RELEASE. It's our tradition to bump "RELEASE-pN" after a security patch > is applied, however, it seems that there is less method to determine > whether the userland is patched, which is somewhat important for large > site managements. > > So is "uname -sr" the only way to differencate the patchlevel of a security > branch? I have read Colin's freebsd-update script and to my best of > knowledge this is the only way (and, on condition that we have re-compiled > the kernel and installed it, and reboot'ed). Given the nature of a security > or errata branch, we can expect that no API/ABI changes will occour and it > should be safe to do make installworld/installkernel in any order, and bumping > patchlevel does not mean that a reboot must be done. > > Please correct me if I was wrong, thanks. I upgrade systems by creating packages which contain all upgraded files I have a set of makefiles etc. checked into my local CVS tree that check out a freeBSD tree at a given revision and build it (withlocal patches added) and then extracts out fies according to a list I supply. On completion I check the list in too, so I can theoretically recreate that patch.. I use the package system to keep track of which packages are loaded onto a system, and newer upgrade packages always have earlier ones as dependencies.. > > Cheers, _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"