FreeBSD Security Survey

Steven Hartland killing at
Mon May 22 03:47:07 PDT 2006

Brent Casavant wrote:
> On Sun, 21 May 2006, Colin Percival wrote:
> So, in short, that's why *I* rarely update ports for security reasons.
> There are steps that could be taken at the port maintenance level that
> would work well for my particular case, however that's beyond the
> scope of the survey.  Thanks for taking the time put the survey
> together, I certainly hope it proves useful.

Perfectly put there Brent portupgrade is all very powerful but:
* Take an absolute age to do anything but the simplest updates
* Often fails and needs significant manual fixing

Here its usually 100 times quicker to just do:
pkg_info | awk '{print $1}' > packages.txt
cat packages.txt | xargs pkg_delete -f
cat packages.txt | xargs pkg_add -r

This at least brings you up to a known good set. Alternatively I
also use something similar but build from ports the problem with
that is often the ports need to be built with custom options to get
back to how you started so unless you where very maticuls in
noting down the options to every port on every machine you
installed something often goes wrong :(

On good example of portupgrade "going off on one" is a simple
upgrade of mtr we dont install any X on our machines so mtr-nox11
is installed. Whenever I've tried portupgrade in the past its
always trolled of and started downloading and build the behemoth
that is X, CTRL+C hence always ensues and I forget about upgrading
until I really HAVE to.


This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. 

In the event of misdirection, illegible or incomplete transmission please telephone (023) 8024 3137
or return the E.mail to postmaster at

More information about the freebsd-stable mailing list