portmaster best practices
Victor Sudakov
vas at mpeks.tomsk.su
Tue Jan 24 08:49:08 UTC 2012
Roland Smith wrote:
> >
> > If portaudit shows that some installed packages have vulnerabilities,
> > what do you usually do?
>
> It depends on the vulnerability and what the package does. I will de-install
> it if I think that the vulnerability is critical for me and there is no
> workaround.
>
> Look at freshports [http://www.freshports.org/commits.php] regularly to see if
> updates for vulnerable packages are available.
This is pretty obvious and I run portsnap from cron.
>
> Generally I like to run 'portsnap fetch update' followed by 'portmaster -ai'
> (after reading /usr/ports/UPDATING) every week. This keeps the number of huge
> compilefests (like gettext updates :-() to a minimum.
Has portmaster ever screwed things up for you?
>
> For efficiency, I tend to keep one machine up-to-date in that way,
> and use rsync to then distribute the changes in /usr/local to my
> other machines. This only works for machines that are on the same
> major FreeBSD version and architecture, of course.
That's interesting. Do you also rsync /var/db/pkg ?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the freebsd-questions
mailing list