Ports question ....

Mike Clarke jmc-freebsd2 at milibyte.co.uk
Thu Aug 28 22:31:49 UTC 2014 

On Thursday 28 August 2014 15:16:40 William A. Mahaffey III wrote:

> I think that is what I am asking .... To be more precise, how often 
> should I check to see if it is updated, weekly, monthly, other ....
> I guess that is the nub of the question ....

It's largely down to what's most convenient for you.

There's a lot to be said for the "If it ain't broke don't mend it" 
philosophy. If everything's working fine on your system and you don't 
need the latest and greatest new feature recently added to one of your 
ports then there's no real need to keep updating them.

If a port has just been updated to fix some freshly discovered 
security issue then you need to upgrade it ASAP. Running the periodic 
script from ports-mgmt/portaudit is a good way of being kept up to 
date with new vulnerabilities affecting ports installed on your 
system.

There could be a delay before a new version of a vulnerable port is 
available. You can check what the latest revision level of a port is 
by looking it up at <http://www.freshports.org>.

After running portsnap you can run "pkg version -vIL=" to see a list 
of which ports have version numbers which differ from the latest.

You need to maintain all your ports in a consistent state, upgrading 
just one port can lead to dependency problems so it's worth using 
ports-mgmt/portmaster after running portsnap, this can upgrade all 
affected ports.

If you only upgrade your ports when required by security issues then 
you may find that there are lots of ports with newer versions so, to 
reduce the workload, you might prefer to upgrade rather more 
frequently than waiting until a security issue requires it.

Sometimes you will need to give some ports individual attention before 
running a bulk upgrade. Check for this by seeing if any of your ports 
are mentioned in /usr/ports/UPDATING - you only need to check entries 
dated later than the last time you did an upgrade and take whatever 
action is advised there.

If you pay attention to /usr/ports/UPDATING then portmaster will 
usually upgrade all affected ports without problems but sometimes you 
come across a situation that it can't handle and you might need to 
deal with the problematic port yourself.

-- 
Mike Clarke

More information about the freebsd-questions mailing list