From: "Steven Hartland"
To: "Brent Casavant", "Colin Percival"
Cc: freebsd security, FreeBSD Stable
Subject: Re: FreeBSD Security Survey
Date: Mon, 22 May 2006 11:45:57 +0100
Message-ID: <009101c67d8c$ee013db0$b3db87d4@multiplay.co.uk>
References: <4471361B.5060208@freebsd.org> <20060521231657.O6063@abigail.angeltread.org>

Brent Casavant wrote:
> On Sun, 21 May 2006, Colin Percival wrote:
> So, in short, that's why *I* rarely update ports for security
> reasons.
>
> There are steps that could be taken at the port maintenance level that
> would work well for my particular case, however that's beyond the
> scope of the survey. Thanks for taking the time to put the survey
> together, I certainly hope it proves useful.

Perfectly put there Brent.

portupgrade is all very powerful but:
* Takes an absolute age to do anything but the simplest updates
* Often fails and needs significant manual fixing

Here it's usually 100 times quicker to just do:

    pkg_info | awk '{print $1}' > packages.txt
    cat packages.txt | xargs pkg_delete -f
    cat packages.txt | xargs pkg_add -r

This at least brings you up to a known good set.

Alternatively I also use something similar but build from ports; the
problem with that is often the ports need to be built with custom
options to get back to how you started, so unless you were very
meticulous in noting down the options to every port on every machine
you installed something often goes wrong :(

One good example of portupgrade "going off on one" is a simple upgrade
of mtr; we don't install any X on our machines so mtr-nox11 is
installed. Whenever I've tried portupgrade in the past it's always
trolled off and started downloading and building the behemoth that is
X, CTRL+C hence always ensues and I forget about upgrading until I
really HAVE to.

Steve