On Tuesday 20 December 2005 11:18, rihad wrote: > Yann Golanski wrote: > > Quoth rihad on Tue, Dec 20, 2005 at 10:25:59 +0400 > > > >>Is there a security branch for the FreeBSD ports collection? Let's say, > >>I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages > >>(i.e., those on the CD). Running security/portaudit after a while > >>reveals that some of the installed packages have vulnerabilities. Am I > >>on my own to go grab the fresh ports tree, and upgrade the affected > >>software, suffering all the intricacies of the move by myself? Debian > >>GNU/Linux has its security package updates, OpenBSD has a separately > >>maintained "errata" ports branch (it's very likely you still get to > >>download a newer release of the software, though). > > > > Attached is a script I use to update my machines. It works fine but > > you need to understand what it does and not run it blindly. DO NOT put > > that in cron, there lies pain! > > > > Otherwise, just run the script and it will update all your ports for > > you. It'll even mail you with the updated ports. > > [script snipped] > > A very interesting script for its own purpose, but I'm afraid this > doesn't answer my question at all.
FreeBSD accepts limited responsibility for what is in /usr/ports. Maintaining security is not one of them. > Perhaps seeing the way that e.g. > Debian deals with the upgrade problem might shed some light on the > issue. Hell, FreeBSD does exactly that for the base world+kernel, too! > Not for the ports, though. See above. Instead of focusing on the method, focus on the end-goal: you want security updates on your ports and the script posted attempts to provide that. I had one that was safe to run in cron (in fact it ran in periodic/daily), but uses a cvs tree of ports, not cvsup to save time[1]. I lost it with a disk crash, but was going to recreate it anyway, might as well do it now if people are interested. [1] cvsup allthough faster on the entire tree cannot update a single directory. -- Melvyn Sopacua [EMAIL PROTECTED] FreeBSD 6.0-STABLE Qt: 3.3.5 KDE: 3.4.3 _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"