FreeBSD update

Matthew Seaman m.seaman at infracaninophile.co.uk
Sat Mar 13 06:36:05 PST 2004


On Sat, Mar 13, 2004 at 03:58:22PM +0200, Peter wrote:
> I have read the book Absolute FreeBSD and browsed the documentation. However,
> security announcements are only for the base system. When some sort of
> library, e.g. libxml, has a bug and has to be patched. In the Linux world
> there is apt-get or up2date that take care of ALL UPDATES. So following this
> article
> http://www.onlamp.com/pub/a/bsd/2003/08/28/FreeBSD_Basics.html
> will that guarantee that EVERY package or port is up2date with my system? Is this
> the best way to do it? I want to patch my system every day. With Debian or RedHat there is no need to go to the vendor's site - security NOTIFICATIONS are sent to you directly by RedHat or Debian...

Yes. cvsup+portupgrade is the best, most convenient method for keeping
your system up to date.  Running daily updates is simple and easy.
It's also (IMHO) more effective, quicker reacting and works more
smoothly than the package based systems you mention.  Although
Debian's apt-get is really good.

You're right that there aren't separate security notifications for 3rd
party packages.  That's because the FreeBSD project just doesn't have
the resources to provide such notifications, and there's also a clear
divide in FreeBSD between what is part of the system and what isn't.

There will almost always be mentions of severe vulnerabilities on the
various FreeBSD mailing lists, or in the commit messages in the ports
CVS.  There will be discussion of general problems on the specific
-announce or -security or whatever lists for the specific software
packages and on the general lists like Bugtraq.

That divide between system and 3rd party doesn't exist or is nothing
like as clear in any Linux distribution: don't assume that just because
Linux does things that way that it must be right.  Compare, for
example what happens with Solaris, where security alerts are issued for
the basic Solaris system and for the many other software packages that
Sun distributes.  There aren't any notifications that come out of Sun
for commonly used free or commercial packages that most Sun sites will
install as a matter of course; and for essentially the same reasons as
the FreeBSD case -- it's uneconomic to try and track everything.

	Cheers,

	Matthew
 

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK