FreeBSD Security Survey
Roger Marquis
marquis at roble.com
Tue May 23 15:53:04 UTC 2006
Peter Jeremy wrote:
> One of the major problems with unattended/automatic updating is
> that it is hard to filter them.

It's hard to make a good case for automatic updates when manual
updates are so easy. The main area this could be improved on would
be in a daily report, emailed to root, detailing which installed
ports are out of date. We do this with a shell script
<http://www.roble.com/docs/cvsup-ports-rep>.

One issue with identifying out-of-date installed ports is the
port-version number. We usually ignore port-version-only updates
because it's difficult to tell what was changed and few changes
aren't detailed in /usr/ports/UPDATING.

Another issue has to do with policy regarding -release, -rc, -alpha
versioning. Too many ports maintainers think nothing of using
-pre-release versions that are usually not appropriate on -release
systems.

All that said, FreeBSD's ports are still the reference
implementation, head-and-shoulders better than up2date, yum, rpm,
apt-get, or anything else out there.
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
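
An added example, not part of the original message and not the cvsup-ports-rep script linked above: one way to build the out-of-date report the message describes while skipping updates that change only the port revision (the `_N` suffix). The function names and the sample input are assumptions; the sample is constructed in the shape of `pkg_version -v` output (`pkg version -v` on current systems).

```shell
#!/bin/sh
# Constructed sample input; on a real host this would come from
# `pkg_version -v` (or `pkg version -v`), not from a literal string.
SAMPLE='bash-3.1.10                 <   needs updating (port has 3.1.10_1)
apache-2.0.55_4             <   needs updating (port has 2.2.2)
openssl-0.9.8a              =   up-to-date with port
png-1.2.8_2                 <   needs updating (port has 1.2.8_3)
sudo-1.6.8.12_1             <   needs updating (port has 1.6.8.12_1,1)'

# Strip the PORTREVISION suffix ("_N") from a version string while
# keeping any PORTEPOCH (",N"):  2.4.6_3,1 -> 2.4.6,1
strip_revision() {
    printf '%s\n' "$1" | sed -E 's/_[0-9]+(,[0-9]+)?$/\1/'
}

# Read version-check lines on stdin and print "name old -> new" for
# every out-of-date package whose change is more than a revision bump.
report_outdated() {
    # Keep only "<" (out of date) lines. Field 1 is name-version; the
    # last field is the available version followed by ")".
    awk '$2 == "<" { sub(/\)$/, "", $NF); print $1, $NF }' |
    while read -r pkg new; do
        old=${pkg##*-}      # installed version: text after the last "-"
        name=${pkg%-*}      # package name: everything before it
        if [ "$(strip_revision "$old")" != "$(strip_revision "$new")" ]; then
            printf '%s %s -> %s\n' "$name" "$old" "$new"
        fi
    done
}

# Stand-alone run over the constructed sample. From cron, the same
# output could be piped to mail(1) addressed to root.
printf '%s\n' "$SAMPLE" | report_outdated
```

An epoch change (`,N`) is deliberately still reported, since it signals that the version numbering itself changed.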