Subject: Re: system updates
To: Martti Kuparinen <firstname.lastname@example.org>
From: None <email@example.com>
Date: 08/16/2001 17:42:51
>But if one wants to have the offical release + all security fixes
>without "untested" features from the "stable" (e.g. netbsd-1-5) branch?
>Ever followed FreeBSD -STABLE and saw things break on production
>systems? I have and I don't want to see that again. The FreeBSD's RELENG_4_3
>branch is just what I needed.
no untested features should appear into netbsd-1-5 branch, since
netbsd-1-5 branch should have no new things (everything has to be
merged into from main trunk = current).
>What I'd like to see in NetBSD is something like this:
> +======+===== netbsd-1-5
> ^ |
> | +===== netbsd-1-5-2
> | ^
> | |
> | netbsd-1-5-PATCH002
>So every release (e.g. the forthcoming 1.5.2) will be a BRANCH, not
>a normal tag, and this branch would include all the security fixes.
>Syncing againts this tag would get only the security fixes, nothing more.
> # cvs -q update -r netbsd-1-5-PATHC002 -dP # 1.5.2
> # cvs -q update -r netbsd-1-5-2 -dP # 1.5.2 + security fixes
>When a release (major or patch release) is released :-) the branch and
>the release tag point to identical set of files. Later, when service
>foo is fixed for some attack, the fix is also pulled into the
>netbsd-1-5-2 branch. The security advisory then advises people to fetch the
>latest sources for the netbsd-1-5-2 branch or patch the sources manually
what will happen to netbsd-1-5 branch, and who will pull in
security fixes to all those branches (main trunk, netbsd-1-5,
netbsd-1-5-2)? i like the current strategy better.