From owner-freebsd-questions@FreeBSD.ORG Thu Dec 22 23:42:10 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A68E916A41F for ; Thu, 22 Dec 2005 23:42:10 +0000 (GMT) (envelope-from no-spam@swiftdsl.com.au) Received: from smtp.ade.swiftdsl.com.au (smtp.ade.swiftdsl.com.au [218.214.228.98]) by mx1.FreeBSD.org (Postfix) with SMTP id 2CBF043D66 for ; Thu, 22 Dec 2005 23:42:08 +0000 (GMT) (envelope-from no-spam@swiftdsl.com.au) Received: (qmail 27452 invoked from network); 22 Dec 2005 23:42:08 -0000 Received: from unknown (HELO daemon.foo.lan) (218.214.176.70) by smtp.ade.swiftdsl.com.au with SMTP; 22 Dec 2005 23:42:08 -0000 From: Ian Moore To: freebsd-questions@freebsd.org Date: Fri, 23 Dec 2005 10:11:56 +1030 User-Agent: KMail/1.8.3 References: <43A7A39D.7000305@mail.ru> In-Reply-To: <43A7A39D.7000305@mail.ru> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2416466.esUNh859vs"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200512231012.05320.no-spam@swiftdsl.com.au> Cc: rihad Subject: Re: ports security branch X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Dec 2005 23:42:10 -0000 --nextPart2416466.esUNh859vs Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 20 December 2005 16:54, rihad wrote: > Is there a security branch for the FreeBSD ports collection?=20 No, there isn't. > Let's say,=20 > I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages > (i.e., those on the CD). Running security/portaudit after a while > reveals that some of the installed packages have vulnerabilities. Am I > on my own to go grab the fresh ports tree, and upgrade the affected > software, suffering all the intricacies of the move by myself?=20 CVSUP & Portupgrade or portupdate makes this process very simple, they mana= ge=20 all the intricacies for you. Check out Dru Lavigne's article on protupgrade= =20 for a simple portupgrade how-to: http://www.onlamp.com/pub/a/bsd/2003/08/28/FreeBSD_Basics.html I update my ports with it all the time and rarely have problems.=20 If you only want to track security vulnerabilities, just portupgrade the po= rts=20 that have vulnerabilities - that would be roughly equivalent to tracking a= =20 security branch. > Debian=20 > GNU/Linux has its security package updates, OpenBSD has a separately > maintained "errata" ports branch (it's very likely you still get to > download a newer release of the software, though). > > Sorry if this is a bit OT. I've already asked this on freebsd-questions@ > but they told me there's no such thing at all. Cheers, =2D-=20 Ian gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc --nextPart2416466.esUNh859vs Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQBDqznNPUlnmbKkJ6ARAt1IAJ98kErsNP/LAh4TNrIEH/iYPtp5PgCbBN2h UlQRhP0Yacf1ZopMC5CA4Aw= =grg+ -----END PGP SIGNATURE----- --nextPart2416466.esUNh859vs--