Date: Thu, 20 Nov 2003 04:30:33 -0600 From: Bryan Cassidy <b_cassidy@bellsouth.net> To: freebsd-questions@freebsd.org Subject: Re: Security question Message-ID: <20031120043033.6ebb0c87.b_cassidy@bellsouth.net> In-Reply-To: <001201c3af35$0f565730$0599a440@linuxops.com> References: <000801c3ae5b$44595cf0$0599a440@linuxops.com> <44fzgk4egj.fsf@be-well.ilk.org> <3FBBA719.5010404@dhap.com> <20031120011849.644d36fb.b_cassidy@bellsouth.net> <001201c3af35$0f565730$0599a440@linuxops.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I personally use the ports tree for installing software. To update the whole ports tree you could run cvsup -g -L 2 /usr/share/examples/cvsup/ports-supfile to get the latest ports *with* the patches for that port. You can also use cvsup to update your source (/usr/src) I also use portupgrade to update the installed ports. I have never used pkg_* because I have always felt pretty comfortable with the ports and feel no need to switch. I'm sure if openssh has some patches/fixes or whatever done to the package it will be updated so you can use it. Example. If you used the ports and gaim-8.0 came out but you only had 0.70 or whatever then all you would need to do is update your ports (like I showed u above) and do a portupgrade gaim and it would update it with the latest fixes/patches/version changes or whatever and resolve any depends. you may need. Using the ports is just a personal reference. I do recommend it though. Plesae check out this for further reading on cvsup http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html On Wed, 19 Nov 2003 23:08:06 -0800 "Kevin McKay" <kevin@dhap.com> wrote: > Thanks Bryan, > > Two other questions, if I do a pkg_add -r openssh today and then the > same command in 6 months will it always be the same precompiled binary > sitting on the server? Or are they updated with patches from time to > time? how does the openssh port binary differ from the oepnssh system > binary? I have looked all through the handbook and faq's but could not > find a definitive answer. > > Thanks > Kevin McKay > > ----- Original Message ----- > From: "Bryan Cassidy" <b_cassidy@bellsouth.net> > To: "Kevin McKay" <kevin@dhapdigital.com> > Cc: <freebsd-questions@freebsd.org> > Sent: Wednesday, November 19, 2003 11:18 PM > Subject: Re: Security question > > > > I don't know anything about using sysinstall for security > > patches/upgrades etc. WHat your looking for I think is cvsup. Please > > read the handbook on Using CVSUP to get the latests source updates, > > security patches for your release and even updating to a different > > RELEASE or -CURRENT or -STABLE. > > > > On Wed, 19 Nov 2003 09:23:37 -0800 > > Kevin McKay <kevin@dhapdigital.com> wrote: > > > > > So it will not just grab the latest patched binaries for 5.1? I am > > > not > > > > > > sure I understand. Is it just for updating between releases and > > > not for keeping the current release up to date? > > > > > > Kevin > > > > > > Lowell Gilbert wrote: > > > > > > >"Kevin McKay" <kevin@dhap.com> writes: > > > > > > > > > > > > > > > >>I have read through the documentation but have not been able to > > > >find>a definite answer. I am running a pretty core install of 5.1 > > > >minimal>+ bind9, postfix, apache, ssh, no ports collection. Here > > > >is my>question. When I run the binary update from sysinstall will > > > >that>take care of the earlier ssh vulnerability and update apache > > > >postfix>and bind to the most current version? > > > >> > > > >> > > > > > > > >You normally need to run the sysinstall from the version you're > > > >updating to. You could configure your system's sysinstall to > > > >load in the later version, and it should be compatible, but I > > > >don't know the syntax for that offhand... > > > > > > > > > > > > > > _______________________________________________ > > > freebsd-questions@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > > To unsubscribe, send any mail to > > > "freebsd-questions-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/vJfJjnOL7dYm/EQRAh42AJ9IoVVzzRF8Qb9ykPGV2twsFfpHIwCg4uMO QzUGdPvRWH7Y6Kf8NzRAIj0= =U+z7 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031120043033.6ebb0c87.b_cassidy>