From owner-freebsd-questions@FreeBSD.ORG  Thu Oct 11 17:01:33 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D417A16A41B
	for <freebsd-questions@freebsd.org>;
	Thu, 11 Oct 2007 17:01:33 +0000 (UTC) (envelope-from bsam@kfs.ru)
Received: from kfs.ru (kfs.kfs.ru [62.183.117.194])
	by mx1.freebsd.org (Postfix) with ESMTP id 8399913C44B
	for <freebsd-questions@freebsd.org>;
	Thu, 11 Oct 2007 17:01:33 +0000 (UTC) (envelope-from bsam@kfs.ru)
Received: from bsam by kfs.ru with local (Exim 4.67 (FreeBSD))
	(envelope-from <bsam@kfs.ru>)
	id 1Ig0qA-000P4Y-Qu; Thu, 11 Oct 2007 20:24:50 +0400
To: "Bill Stwalley" <stwalley2004@gmail.com>
References: <687f2b920710102233ve746e2auece74d1e95486e73@mail.gmail.com>
From: Boris Samorodov <bsam@ipt.ru>
Date: Thu, 11 Oct 2007 20:24:50 +0400
In-Reply-To: <687f2b920710102233ve746e2auece74d1e95486e73@mail.gmail.com>
	(Bill Stwalley's message of "Thu, 11 Oct 2007 01:33:43 -0400")
Message-ID: <66259053@serv3.int.kfs.ru>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: "Boris B. Samorodov" <bsam@kfs.ru>
Cc: freebsd-questions@freebsd.org
Subject: Re: best way to update ports
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Oct 2007 17:01:33 -0000

On Thu, 11 Oct 2007 01:33:43 -0400 Bill Stwalley wrote:

> I need your advice on how to update security patches for ports on a dozen
> servers with minimal efforts.

> As I gathered, I should run portaudit in cron jobs and then manually update
> the ports with vulnerabilities after reading UPDATING.  Is this the best
> way?  Is this manual way feasible for managing a dozen servers?

> I used to run portupgrade in cron jobs, but that created too much
> nightmare.  For example, imap-uw broke for a few days recently.

> Someone recommended
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html .
> It's great for maintaining machines with identical ports installed, but not
> good when ports are installed with different options on different servers.

You may be interested in ports-mgmt/tinderbox. It let you package
ports for different FreeBSD versions (jails in terms of tinderbox)
and for different portstrees and options at a single machine.

Then you may do a "portupgrade -PP" for the needed ports.


WBR
-- 
Boris Samorodov (bsam)
Research Engineer, http://www.ipt.ru Telephone & Internet SP
FreeBSD committer, http://www.FreeBSD.org The Power To Serve