ports security branch
nalists at scls.lib.wi.us
Mon Dec 19 11:33:10 PST 2005
Paul Schmehl wrote:
> I'm not sure what you mean by "suffering all the intricacies". Cvsup
> will fetch all the ports that have updates (assuming you use the right
> config - man is your friend), so you really don't have to do much except
> launch cvsup (if you haven't already scheduled it routinely) and then
> launch portupgrade once cvsup is done.
> When I set up a new server, one of the first things I do, before
> installing any applications, is run cvsup to update everything. Then I
> setup cvsup to run nightly, and only then to I begin installing whatever
> applications that particular server might need.
I do a very similar thing only I don't cvsup/portupgrade frequently,
I portaudit frequently and then cvsup/portupgrade on demand. This
way is somewhat less intrusive, as there are frequently port version
bumps available that are not security related and certainly not
required for continuity of service.
When first getting used to this stuff I thought it moderately
burdensome compared to automatic binary updates, but I quickly came
to understand the value of being able to choose exactly what, how
and when to upgrade. All regrets soon faded.
Intricacies and suffering? Sometimes yes, but not that frequently,
and it's worth it.
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
More information about the freebsd-questions