--On December 19, 2005 6:56:25 PM +0400 rihad <[EMAIL PROTECTED]> wrote:

Is there a security branch for the FreeBSD ports collection?  Let's say,
I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages.
Running security/portaudit after a while reveals that some of the
installed packages have vulnerabilities. Am I on my own to go grab the
fresh ports tree, and upgrade the affected software, suffering all the
intricacies of the move by myself? Debian GNU/Linux has its security
package updates, OpenBSD has a separately maintained "errata" ports
branch (you still get to download a newer release of the software, though
(IIRC)).

On your own, but not in the sense you may think. If you cvsup your ports (I do it nightly for all my servers), then you can simply run portupgrade and all the affected ports will be upgraded (assuming you use the right switches - I use -ai because I want to be able to decline to upgrade a port if it's going to affect a lot of people and then schedule it for later that same day or the next.)

I'm not sure what you mean by "suffering all the intricacies". Cvsup will fetch all the ports that have updates (assuming you use the right config - man is your friend), so you really don't have to do much except launch cvsup (if you haven't already scheduled it routinely) and then launch portupgrade once cvsup is done.

When I set up a new server, one of the first things I do, before installing any applications, is run cvsup to update everything. Then I set up cvsup to run nightly, and only then do I begin installing whatever applications that particular server might need.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
