Subject: Re: system updates
To: Alex <xela@MIT.EDU>
From: Greg A. Woods <woods@weird.com>
List: port-i386
Date: 08/15/2001 10:17:38
[[ this should be discussed on netbsd-users, not port-i386 ]]

[ On Wednesday, August 15, 2001 at 10:47:12 (-0400), Alex wrote: ]
> Subject: system updates
>
> I run my machines conservatively: always an official release,
> never -current or a snapshot, and usually not the most recent
> official release, even.  And I manually install security or other
> critical patches as needed --- and it's this that can sometimes
> get frustrating and time-consuming, especially compared to what
> people who run FreeBSD or Debian tell me about how easy it is to
> "track stable" with the administrative tools those OSes provide.

Personally I don't find FreeBSD's "track stable" process to be any less
overhead than doing the same on NetBSD.  Sure their builds work "better"
in general, but unless you keep source on *every* machine then you've
still got to do the manual work of upgrading individual production
machines.

For NetBSD you should be able to "sup" or "cvs update" the ``stable''
branch just as easily and then do regular builds.  NetBSD's "make
release" kinda sucks compared to FreeBSD's (you need to do a lot more
manual work to get to final install images suitable for populating an
FTP server), but if you do "make build" with source on every machine
(much as many FreeBSD folks do) then you can skip all those final
release building steps since the "make install" done by "make build"
will have upgraded your machine for you.

Either way you build, the only really hard part of upgrading machines
manually should be in the merging of the files from the etc.tgz set.

FreeBSD bypasses this for people doing "from-source" installs by using a
tool that compares revision ID#s from the source tree files with the
installed files and then assists the user in determining which can be
just copied in and which have to be merged, etc.

I took a copy of an older variant of FreeBSD's tool and used it for a
while, but I've found that except on my build machines I just end up
doing the production machine merges of /etc manually anyway.  That's no
big deal for me though as I always RCS all changes I've made to any
files on any production machines.  I can usually simply copy the new
file into place and edit it with "rcsdiff -r1.1 file | patch file".

I've also modified what goes into the etc.tgz set to more directly suit
my specific environment too -- I put all the stuff that I never modify
on a per-system basis into base.tgz and then if I need to make changes
to any of it (changes that would be made on all systems across the
board) then I make them in my local source tree and they're
automatically propagated during the next upgrade install.  If I were to
do source builds on every machine I'd have much the same benefit though
of course I'd have to "cvs update" from my own local CVS server so that
I could share my local changes, which means I'd have to track NetBSD
with "cvs import", but I do that anyway so it's no big deal!  ;-)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>