netbsd-help: Re: Tracking NetBSD 2.x

Subject: Re: Tracking NetBSD 2.x
To: None <netbsd-help@netbsd.org>
From: Frederick Bruckman <fredb@immanent.net>
List: netbsd-help
Date: 01/07/2005 15:36:00
In article <41DE5C05.4060308@espace29.asso.fr>,
	Mathias Breuninger <mathias@espace29.asso.fr> writes:
> 
> We've got NetBSD 2.0 production machines.
> 
> I would like to know which cvs branch to track: "netbsd-2" or "netbsd-2-0"?
> 
> I understood that the "netbsd-2-0" branch is for security patches only 
> and goes towards NetBSD 2.0.1 and that the "netbsd-2" branch goes 
> towards NetBSD 2.1.
> 
> Are the netbsd-2-0 branch patches part of the netbsd-2 branch?

Yes. That much is clear. The developer community is still discussing
the details, but the discussion seems to be about wrapped up. (I'm just
a developer, so if the forthcoming official announcement from the Releng
Team contradicts what I say, it would take precedence.)
 
> Is it safe to track netbsd-2 for production machines?
> 
> Before the numbering scheme moved, I used to track "netbsd-1-6" for the 
> 1.6 release.

The equivalent to netbsd-1-6 will be netbsd-2. For those tracking the
branch, "uname -r" will likely report something ending in "_STABLE".

The equivalent of netbsd-2-0 on the NetBSD 1.6 track, would be if you
had installed NetBSD 1.6, and then religiously applied every manual
pull-up and patch detailed in every security advisory to NetBSD 1.6.
(Note that it's not desirable to crank <sys/param.h> for such things,
so "uname -r" would still report "2.0". One idea floated is to crank
"/etc/release" as changes are pulled up to this branch, so admins can
more easily tell if the updates have been applied.)

Fate may have it, that NetBSD 2.1 will be out before any vulnerabilites
are discovered, in which case there might never be any commits to the
netbsd-2-0 branch at all.  It isn't quite clear yet whether or for how
long netbsd-2-0 will have to be maintained after NetBSD 2.1 is released.
I suspect it will depend on timing and circumstances.

Note that the branch created for the RC candidates leading up to NetBSD
2.0 was "netbsd-2-0", by analogy with "netbsd-1-6".  This is now widely
recognized as a mistake.  For folks pulling updates, the consequences
are pretty minimal, though: anyone who wants to track _STABLE will just
have to cvs update with "-rnetbsd-2".  (As of today, both branches pull
exactly the same sources.)


Frederick