Subject: Keeping 1.6.1 up to date.
To: None <netbsd-users@netbsd.org>
From: Louis Guillaume <lguillaume@berklee.edu>
List: netbsd-users
Date: 11/19/2003 18:56:45
Hi Everyone,
A great thing happened where a colleague of mine, upset with Redhat,
decided to look at NetBSD.
The one thing that's making him hesitate now is "How do you update a
part of the base distribution if there was, say, a security advisory on
that item?" He wants to see an up2date-like tool.
I'm accustomed to using -current, where I build regularly and that would
typically take care of issues like this. And then there's pkg_audit for
the packages.
Let's paint a hypothetical scenario...
. Take a cleanly installed 1.6.1 system with no packages.
. Subsequently, security advisories for several packages come out.
. Patches are now made to -current and successfully tested for these fixes.
Is the official NetBSD-1.6.1 distribution now going to be patched or do
we have to wait for the next release before we can have a secure
distribution?
Let's assume the former is true and the sets for 1.6.1 are updated with
the fixes.
Are we expected to retrieve the latest sets and essentially upgrade
1.6.1 to 1.6.1(patched)?
What is the expected maintenance scheme for a NetBSD release in a
production environment?
Any help would be fantastic,
Thanks
Louis