Keeping my system up to date with CTM or subversion?

[Ed Flecko]

I'm confused about an effective way to keep my system patched and
up-to-date, and I'm hoping someone can clarify what seems like a lot of
options.

I'll be running a production server (so security and stability are most
important) with a custom kernel and I want it to have all of the latest
security patches applied. I'll install from DVD and I'll chose the option
to install both the ports and the source.

After this, it sure seems like the best way, in terms of speed to download
any updated files, is to use CTM as a cron job, but I think the FBSD
handbook recommends subversion? Also, I think I read that CTM won't update
documentation? Is that right?

I also see some people say they use portsnap, portaudit and portupgrade.
For example, I came across this command:

portsnap fetch && /usr/sbin/portsnap update && /usr/local/sbin/portaudit -F
&& /usr/local/sbin/portupgrade –aR

however these utilities are used more for keeping your ports collection
up-to-date (if you install software from ports), and not so much for
keeping your system patched from a security perspective - isn't that right?

Hopefully, someone can clarify my confusion.

Thank you!

Ed