Date: Sat, 13 Mar 2004 14:35:54 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Peter <peter@hostmansion.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD update
Message-ID: <20040313143554.GA886@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <008a01c40903$40417500$0201a8c0@BGSOFX04>
References: <008a01c40903$40417500$0201a8c0@BGSOFX04>

On Sat, Mar 13, 2004 at 03:58:22PM +0200, Peter wrote:

> I have read the book Absolute FreeBSD and browse the documentation. However
> security announcements are only for the base system. When some sort of
> library e.g. libxml has a bug and has to be patched. In the Linux world
> there is apt-get or up2date that take care of ALL UPDATES. So following this
> article
> http://www.onlamp.com/pub/a/bsd/2003/08/28/FreeBSD_Basics.html
> will that guarantee that EVERY package or port is up2date with my system. Is this
> the best way to do it? I want to patch my system everyday. With debian or
> RedHat there is no need to go to vendors site - security NOTIFICATIONS are
> sent to you directly by RedHat or Debian...

Yes. cvsup+portupgrade is the best, most convenient method for keeping
your system up to date. Running daily updates is simple and easy. It's
also (IMHO) more effective, quicker reacting and works more smoothly
than the package based systems you mention. Although Debian's apt-get
is really good.

You're right that there aren't separate security notifications for 3rd
party packages. That's because the FreeBSD project just doesn't have
the resources to provide such notifications, and there's also a clear
divide in FreeBSD between what is part of the system and what isn't.
There will almost always be mentions of severe vulnerabilities on the
various FreeBSD mailing lists, or in the commit messages in the ports
CVS. There will be discussion of general problems on the specific
-announce or -security or whatever lists for the specific software
packages and on the general lists like Bugtraq.

That divide between system and 3rd party doesn't exist or is nothing
like as clear in any Linux distribution: don't assume that just because
Linux does things that way that it must be right.

Compare, for example, what happens with Solaris, where security alerts
are issued for the basic Solaris system and for the many other software
packages that Sun distributes. There aren't any notifications that
come out of Sun for commonly used free or commercial packages that most
Sun sites will install as a matter of course; and for essentially the
same reasons as the FreeBSD case -- it's uneconomic to try and track
everything.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614