portmaster best practices

Victor Sudakov vas at mpeks.tomsk.su
Tue Jan 24 08:49:08 UTC 2012

Roland Smith wrote:
> > 
> > If portaudit shows that some installed packages have vulnerabilities,
> > what do you usually do?
> It depends on the vulnerability and what the package does. I will de-install
> it if I think that the vulnerability is critical for me and there is no
> workaround.
> Look at freshports [http://www.freshports.org/commits.php] regularly to see if
> updates for vulnerable packages are available.

This is pretty obvious and I run portsnap from cron.

> Generally I like to run 'portsnap fetch update' followed by 'portmaster -ai'
> (after reading /usr/ports/UPDATING) every week. This keeps the number of huge
> compilefests (like gettext updates :-() to a minimum.

Has portmaster ever screwed things up for you?

> For efficiency, I tend to keep one machine up-to-date in that way,
> and use rsync to then distribute the changes in /usr/local to my
> other machines. This only works for machines that are on the same
> major FreeBSD version and architecture, of course.

That's interesting. Do you also rsync /var/db/pkg ?

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

More information about the freebsd-questions mailing list