Subject: Re: system updates
To: NetBSD/i386 Discussion List <firstname.lastname@example.org>
From: Martti Kuparinen <email@example.com>
Date: 08/16/2001 11:20:30
On Wed, 15 Aug 2001, Greg A. Woods wrote:
> For NetBSD you should be able to "sup" or "cvs update" the ``stable''
> branch just as easily and then do regular builds. NetBSD's "make
But if one wants to have the offical release + all security fixes
without "untested" features from the "stable" (e.g. netbsd-1-5) branch?
Ever followed FreeBSD -STABLE and saw things break on production
systems? I have and I don't want to see that again. The FreeBSD's RELENG_4_3
branch is just what I needed.
What I'd like to see in NetBSD is something like this:
| +===== netbsd-1-5-2
So every release (e.g. the forthcoming 1.5.2) will be a BRANCH, not
a normal tag, and this branch would include all the security fixes.
Syncing againts this tag would get only the security fixes, nothing more.
# cvs -q update -r netbsd-1-5-PATHC002 -dP # 1.5.2
# cvs -q update -r netbsd-1-5-2 -dP # 1.5.2 + security fixes
When a release (major or patch release) is released :-) the branch and
the release tag point to identical set of files. Later, when service
foo is fixed for some attack, the fix is also pulled into the
netbsd-1-5-2 branch. The security advisory then advises people to fetch the
latest sources for the netbsd-1-5-2 branch or patch the sources manually
Does this make any sense?
Martti Kuparinen <firstname.lastname@example.org>