Re: ports security branch
- From: Melvyn Sopacua <freebsd.stable@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 20 Dec 2005 11:43:55 +0100
On Tuesday 20 December 2005 11:18, rihad wrote:
> Yann Golanski wrote:
> > Quoth rihad on Tue, Dec 20, 2005 at 10:25:59 +0400
> >>Is there a security branch for the FreeBSD ports collection? Let's say,
> >>I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages
> >>(i.e., those on the CD). Running security/portaudit after a while
> >>reveals that some of the installed packages have vulnerabilities. Am I
> >>on my own to go grab the fresh ports tree, and upgrade the affected
> >>software, suffering all the intricacies of the move by myself? Debian
> >>GNU/Linux has its security package updates, OpenBSD has a separately
> >>maintained "errata" ports branch (it's very likely you still get to
> >>download a newer release of the software, though).
> > Attached is a script I use to update my machines. It works fine but
> > you need to understand what it does and not run it blindly. DO NOT put
> > that in cron, there lies pain!
> > Otherwise, just run the script and it will update all your ports for
> > you. It'll even mail you with the updated ports.
> [script snipped]
> A very interesting script for its own purpose, but I'm afraid this
> doesn't answer my question at all.
FreeBSD accepts limited responsibility for what is in /usr/ports. Maintaining
security is not one of them.
> Perhaps seeing the way that e.g.
> Debian deals with the upgrade problem might shed some light on the
> issue. Hell, FreeBSD does exactly that for the base world+kernel, too!
> Not for the ports, though.
See above. Instead of focusing on the method, focus on the end-goal: you want
security updates on your ports and the script posted attempts to provide
I had one that was safe to run in cron (in fact it ran in periodic/daily), but
uses a cvs tree of ports, not cvsup to save time. I lost it with a disk
crash, but was going to recreate it anyway, might as well do it now if people
cvsup, although faster on the entire tree, cannot update a single
freebsd-stable@xxxxxxxxxxx mailing list