[BUGS] question on up keeping of a production server

[Jerahmy Pocott]

On 05/06/2008, at 6:58 PM, goku - wrote:

> nteresting... so you don't recommend using the freebsd-update. so if  
> there is any minor or major security fixes, you would recommend just  
> to cvsup then do a make build world and make install world.  or  
> would you just update the patches one at a time.

It's not anything really negative against using the binary update it's  
just that I prefer to compile the system with MY settings. The binary  
updates are compiled with conservative settings to promote  
compatibility above performance, the main benefit to that is it has  
been tested and known to work and downloading a compiled binary is  
generally faster than compiling from the sources yourself. Using the  
make system with sources from the cvs allows you to compile for the  
best performance on your hardware, but that opens up the possibility  
of doing something that will cause your system to be unstable or not  
work at all (for example compiling the kernel with -O3 is a bad idea,  
personally I compile the kernel with just -O and the rest of the  
system with -O2) and depending on the processing power of the system  
can take quite a long time to complete. That said, if you're running a  
critical production server, you should really have a backup system  
that you would test any updates etc on first, so you would know if it  
worked and you wouldn't be using the resources of the actual server to  
do the compile..

Generally I would run csup a couple of times (to make sure the sources  
are stable), then make the buildworld and possibly kernel targets,  
drop to single user, installworld, mergemaster, reboot. Which results  
in less than 30sec of down time.