Openbsd updating ports
If this is done with two machines you could have each taking turns as being production or staging, or just update production from staging.
You can track changes from the cvs logs and check if you've gotten specific updates in (and these days there's less of a reason to) you'll just need to find some other way to track what updates you want. Build STABLE releases from the above When security updates are published, we evaluate the actual security issue with the profile of machines with that version of the OS/vulnerability.
Are you using a similar approach on your Linux boxes?
I generally don't touch the kernel on any servers unless a security alert has stricken terror into my soul.
Fortunately for us, we have redundant hosts for many things and can therefore roll out with minimal downtime of services.
Because Open BSD supports a broad range of hardware, we can rollout server grade equipment for our primary machines, and lower-end desktops as our redundant hosts (or we just build a temporary box to fill in for the main machine during the update cycle.) Our update procedures are heavily dependent on using the ports/packages system for non-BASE software.
In the cluster situation : Obviously, this was in the case of both a system and a ports update, but the procedure was similar enough updating just packages or system.
It's interesting the different emphasis on ports between Open BSD verses Free BSD.
Open BSD ~ Will follow the mailing list and use the package tools ( pkg_info and pkg_add -u ) where deemed critical.
Stack Exchange network consists of 174 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.