Subject: Re: Compiling 1.6.2 kernel on a 1.5.2 server
To: Domingo A. Siliceo <dsiliceo@sedcatala.org>
From: Frederick Bruckman <fredb@immanent.net>
List: netbsd-help
Date: 09/27/2004 02:07:03
In article <20040924101054.GA5819@sedcatala.org>,
	dsiliceo@sedcatala.org (Domingo A. Siliceo) writes:
> 
> thinking about a message posted to this list a few days ago, I'm
> wondering what will happen if I compile a 1.6.2 kernel on a production
> server actually running NetBSD 1.5.2. Since I have most applications
> compiled from new and updated source, I do not need -I guess- update
> *all* the system.

Though most things will work, it's not recommended to run that way for
an extended period, and there can be no guarantees. IPfilter, for instance,
will very likely no longer work, and even more essential tools occasionally
break on a kernel only upgrade.  A better idea, if you're not keen on
upgrading the whole system, might be to upgrade the kernel to the latest
on the netbsd-1-5 branch, to get the security and other bug fixes
committed post NetBSD 1.5.3.  Problems are less likely to arise on a
kernel only upgrade, if you stick to the same branch.

It's also a good idea to look through the security advisories (listed on
the web page).  Depending upon what your production server is actually
serving, you may be leaving it open to some known exploit by not updating
userland. I seem to remember that the fix for the vulnerability in OpenSSL
requires an update to the shared libraries *and* a recompile of programs.

The netbsd-1-5 branch is old, but still maintained, at least for security
issues, while netbsd-1-6 is getting old, too. If you're a very infrequent
updater, it might make sense to take advantage of the work done on the
netbsd-1-5 branch now, and hold out for NetBSD 2.0. We're maintaining
up to three branches just for this reason, so that infrequent updaters
can "leapfrog" in that way.

-- 
Frederick
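The reply's advice is to keep kernel and userland on the same release branch. The following script, added here as an illustration and not part of the original thread or of NetBSD itself, classifies the skew between the running kernel and the installed userland. It assumes `uname -r` prints the kernel release (e.g. `1.6.2`) and that the userland headers in `/usr/include/sys/param.h` (from the comp set) define `__NetBSD_Version__` in NetBSD's documented `MMmmrrpp00` layout; the path can be overridden via `PARAM_H`. Only the first two components (the branch) drive the verdict, so the patch-level decoding is informational.

```shell
#!/bin/sh
# Added example (not from the original thread): report kernel/userland
# version skew on a NetBSD host, the situation the reply warns about.
# Assumptions: uname -r prints the running kernel release (e.g. 1.6.2) and
# the userland headers in $PARAM_H carry __NetBSD_Version__ in NetBSD's
# documented MMmmrrpp00 layout.

PARAM_H=${PARAM_H:-/usr/include/sys/param.h}

# branch_of VERSION -> "M.m": the first two components name the release
# branch (1.5.2 and 1.5.3 are both netbsd-1-5).
branch_of() {
    printf '%s\n' "$1" | cut -d. -f1,2
}

# decode_osversion NNNNNNNNN -> "M.m.p" from the MMmmrrpp00 encoding
# (the rr field is ignored here; only major/minor matter for the branch).
decode_osversion() {
    v=$1
    major=$((v / 100000000))
    minor=$((v / 1000000 % 100))
    patch=$((v / 100 % 100))
    printf '%s.%s.%s\n' "$major" "$minor" "$patch"
}

# userland_version: decode __NetBSD_Version__ from the installed headers,
# or print "unknown" when the macro (or the file) is not present.
userland_version() {
    raw=$(sed -n 's/^#define[[:space:]]*__NetBSD_Version__[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$PARAM_H" 2>/dev/null | head -n 1)
    if [ -z "$raw" ]; then
        echo unknown
    else
        decode_osversion "$raw"
    fi
}

# skew_status KERNEL USERLAND -> one of:
#   match    identical versions
#   branch   same branch, different patch level (kernel-only update on a branch)
#   cross    different branches (e.g. a 1.6.2 kernel on 1.5.2 userland)
#   unknown  userland version could not be determined
skew_status() {
    kern=$1
    user=$2
    if [ "$user" = unknown ]; then
        echo unknown
    elif [ "$kern" = "$user" ]; then
        echo match
    elif [ "$(branch_of "$kern")" = "$(branch_of "$user")" ]; then
        echo branch
    else
        echo cross
    fi
}

# Live report for the current host; it only informs and never exits non-zero.
report_host() {
    kern=$(uname -r)
    user=$(userland_version)
    status=$(skew_status "$kern" "$user")
    printf 'kernel=%s userland=%s status=%s\n' "$kern" "$user" "$status"
    case $status in
        cross)  echo 'kernel and userland are on different branches; expect breakage (IPfilter and other tools, as the reply notes)' ;;
        branch) echo 'kernel-only update within one branch; usually fine' ;;
        match)  echo 'kernel and userland match' ;;
        *)      echo 'cannot determine userland version (comp set headers not found)' ;;
    esac
}

report_host
```

Run it as `sh skewcheck.sh` on the host in question; a `cross` verdict is the configuration the reply advises against, while `branch` is the safer kernel-only update within netbsd-1-5.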