How to keep kernel up-to-date with Security/Errata Fixes?

Justin C. Sherrill justin at shiningsilence.com
Sat Mar 25 18:58:04 PST 2006


On Sat, March 25, 2006 9:00 pm, Dragronfly Kernel List User wrote:

> Not trying to argue with you, but simply trying to discern the
> differences between the release cycles of DF and FBSD, it seems to me
> that DF's RELEASE release cycle is a mixture of FBSD's Release and
> Stable with some native features.
>
> DF's patches are committed without thorough testing (like FBSD Stable)
> and RELEASE sub-versions are bumped up without code freezes, release
> candidates or betas (native to DF).

There's a bit more detail here:
http://www.shiningsilence.com/dbsdlog/index.php/2004/05/07/381.html

Commits to a release tag (even numbers) are either immediate security
fixes, like the recent Sendmail vulnerability, or something that's already
been tested out in Preview (odd numbers) or, rarely, the most recent code.

The Preview version ends up being a sort of release candidate; it has to
be relatively stable for a while before a Release tag can be done.  Along
the same lines, Preview only changes when the current code has been
relatively trouble-free, and there's no major work going in.  These
different versions are tagged in CVS, not branched, so it isn't an exact
match to FreeBSD methods.

So, while there is not a freeze/candidate cycle, there is a settling
period for new features that is comparable.  Given the small, tight nature
of the committing group, a formal process hasn't been needed to keep
things "quiet" before releases, so far.

Anecdotally, I've been running Release versions on shiningsilence.com for
a long time, now, and had zero issues.







More information about the Kernel mailing list