On Thursday 11 October 2007 07:33:43 Bill Stwalley wrote:
> I need your advice on how to update security patches for ports on a dozen
> servers with minimal efforts.
>
> As I gathered, I should run portaudit in cron jobs and then manually update
> the ports with vulnerabilities after reading UPDATING. Is this the best
> way? Is this manual way feasible for managing a dozen servers?
>
> I used to run portupgrade in cron jobs, but that created too much
> nightmare. For example, imap-uw broke for a few days recently.

Use a tinderbox buildbox, specifically read the part on `Customizing the Environment' and `configuring port OPTIONS' at http://tinderbox.marcuscom.com/README.html

The only problem left then is that you still need to manually deploy the binary packages to the servers in case of UPDATING woes. However, with a bit of scripting, you can batch this on a case-by-case basis. The good part is that you have all things on one machine, know when builds are broken before they get deployed and can test packages to see if they break your applications in a test environment.

As a side note: portaudit has a periodic script that installs in /usr/local/etc/periodic/security - you can enable it in /etc/periodic.conf so it's part of the daily security report (I think it's even on by default).

--
Mel
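
One way to script the case-by-case batching described in the reply above, as an added example that is not part of the original message or of tinderbox or portaudit. It assumes each server's report was saved from `portaudit -a` and contains `Affected package: name-version` lines; the host names, version numbers, file layout and the hold list are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan package rollouts from portaudit reports (all data constructed).

# Print the name-version of every package portaudit flagged (report on stdin).
affected_pkgs() {
    sed -n 's/^Affected package: //p' | sort -u
}

# plan_host HOST AUDIT_REPORT BUILT_LIST HOLD_LIST
# BUILT_LIST: one name-version per line, packages the build box built successfully.
# HOLD_LIST:  package names whose UPDATING entry needs manual steps (hypothetical file).
plan_host() {
    affected_pkgs < "$2" | while read -r old; do
        base=${old%-*}                       # strip the trailing -version
        new=$(awk -v b="$base" '{ n = $0; sub(/-[^-]*$/, "", n)
                                  if (n == b) { print; exit } }' "$3")
        if grep -qxF "$base" "$4"; then
            echo "$1 hold $base"             # deploy by hand after reading UPDATING
        elif [ -z "$new" ] || [ "$new" = "$old" ]; then
            echo "$1 wait $base"             # no fixed build available yet
        else
            echo "$1 deploy $new"            # safe to batch to this host
        fi
    done
}

# Constructed sample input for two hypothetical hosts.
demo_plan() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Affected package: imap-uw-2004g' 'Type of problem: (constructed)' \
        'Affected package: png-1.2.18' > "$d/web1.audit"
    printf '%s\n' 'Affected package: php5-5.2.3' > "$d/mail1.audit"
    printf '%s\n' 'imap-uw-2006j' 'png-1.2.22' 'php5-5.2.3' > "$d/built"
    printf '%s\n' 'imap-uw' > "$d/hold"
    for h in web1 mail1; do
        plan_host "$h" "$d/$h.audit" "$d/built" "$d/hold"
    done
    rm -rf "$d"
}

demo_plan
```

The `deploy` lines are the ones that can go out in a batch; `hold` and `wait` lines stay on the list for manual follow-up.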