From owner-freebsd-questions@FreeBSD.ORG Mon Jan 23 20:35:35 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73CE51065674 for ; Mon, 23 Jan 2012 20:35:35 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr11.xs4all.nl (smtp-vbr11.xs4all.nl [194.109.24.31]) by mx1.freebsd.org (Postfix) with ESMTP id 06E888FC14 for ; Mon, 23 Jan 2012 20:35:34 +0000 (UTC) Received: from slackbox.erewhon.net (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr11.xs4all.nl (8.13.8/8.13.8) with ESMTP id q0NKZ2Z9035005; Mon, 23 Jan 2012 21:35:02 +0100 (CET) (envelope-from rsmith@xs4all.nl) Received: by slackbox.erewhon.net (Postfix, from userid 1001) id 73B8912368; Mon, 23 Jan 2012 21:35:02 +0100 (CET) Date: Mon, 23 Jan 2012 21:35:02 +0100 From: Roland Smith To: Victor Sudakov Message-ID: <20120123203502.GC32692@slackbox.erewhon.net> References: <20120123103232.GA79175@admin.sibptus.tomsk.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2/5bycvrmDh4d1IB" Content-Disposition: inline In-Reply-To: <20120123103232.GA79175@admin.sibptus.tomsk.ru> X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! User-Agent: Mutt/1.5.21 (2010-09-15) X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-questions@freebsd.org Subject: Re: portmaster best practices X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jan 2012 20:35:35 -0000 --2/5bycvrmDh4d1IB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 23, 2012 at 05:32:33PM +0700, Victor Sudakov wrote: > Hello portmaster users, >=20 > If portaudit shows that some installed packages have vulnerabilities, > what do you usually do? It depends on the vulnerability and what the package does. I will de-install it if I think that the vulnerability is critical for me and there is no workaround. Look at freshports [http://www.freshports.org/commits.php] regularly to see= if updates for vulnerable packages are available. Generally I like to run 'portsnap fetch update' followed by 'portmaster -ai' (after reading /usr/ports/UPDATING) every week. This keeps the number of hu= ge compilefests (like gettext updates :-() to a minimum. For efficiency, I tend to keep one machine up-to-date in that way, and use rsync to then distribute the changes in /usr/local to my other machines. Th= is only works for machines that are on the same major FreeBSD version and architecture, of course. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --2/5bycvrmDh4d1IB Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk8dxHYACgkQEnfvsMMhpyVM1wCgiNuBKVr3urE7qkp11lpsmBR3 6U8An1QupwxyFo1mwN8riZKqyz0GNm9j =JtAF -----END PGP SIGNATURE----- --2/5bycvrmDh4d1IB--