Security Updates and Patching Two Choices?

Giorgos Keramidas keramida at
Mon Mar 29 13:40:55 PST 2004

On 2004-03-29 15:07, Charles Swiger <cswiger at> wrote:
>On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote:
>>I don't want to build "all" sources when I just need these on my
>>system (bin, man, and crypto).  The same selection I use from a new
>>install from /stand/sysinstall.  Is that possible?
> If you look at /etc/default/make.conf for a bunch of components
> starting with NO_, you can set those to get something close to what
> you've asked for.

Good idea :-)

>> If a tag just the 4_9 Release in the CVSupfile can i just ignore the
>> mergemaster? also can I just CVSup the sources and build the ones I
>> want? (see above)
> Generally one can ignore doing the mergemaster simply for a security
> patch.

Unless, of course, the security patch fixes problems in /etc files that
mergemaster *must* update.  It's not very difficult to run mergemaster.
I wouldn't recomment avoiding it altogether.  Instead, I'd probably
recommend one of two things, or both at the same time:

	a. Read the available documentation about /etc files.  You don't
have to learn all the (admittedly, mostly boring) details about every
single file there is.  Just skim through the manpages to get a general
idea of what purpose each file serves.

	b. Install (almost blindly) all the files that mergemaster wants
to "update", unless you are absolutely certain you have made manually
some changes to the installed version.

	c. Merging the files which contain local changes is easy enough,
as long as you spend a few moments to read the sdiff(1) manpage.  This
is the tool mergemaster uses to "merge" the files it updates.

Please, do not skip running mergemaster :-)

- Giorgos

More information about the freebsd-questions mailing list