portmaster best practices

Roland Smith rsmith at xs4all.nl
Mon Jan 23 20:35:35 UTC 2012

On Mon, Jan 23, 2012 at 05:32:33PM +0700, Victor Sudakov wrote:
> Hello portmaster users,
> If portaudit shows that some installed packages have vulnerabilities,
> what do you usually do?

It depends on the vulnerability and what the package does. I will de-install
it if I think that the vulnerability is critical for me and there is no

Look at freshports [http://www.freshports.org/commits.php] regularly to see if
updates for vulnerable packages are available.

Generally I like to run 'portsnap fetch update' followed by 'portmaster -ai'
(after reading /usr/ports/UPDATING) every week. This keeps the number of huge
compilefests (like gettext updates :-() to a minimum.

For efficiency, I tend to keep one machine up-to-date in that way, and use
rsync to then distribute the changes in /usr/local to my other machines. This
only works for machines that are on the same major FreeBSD version and
architecture, of course.

R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20120123/ab8e12d2/attachment.pgp

More information about the freebsd-questions mailing list