Date: Fri, 23 Jan 2009 07:50:36 -0500
From: Gabriel Lavoie <glavoie@gmail.com>
To: Svein Halvor Halvorsen <svein.h@lvor.halvorsen.cc>
Cc: RW <rwmaillists@googlemail.com>, freebsd-questions@freebsd.org
Subject: Re: Keeping FreeBSD updated (the binary way)
Message-ID: <d05df8620901230450vd4c802bs7b35a9b1f3796f0f@mail.gmail.com>
In-Reply-To: <4979867A.7010805@lvor.halvorsen.cc>
References: <49791625.7000806@lvor.halvorsen.cc> <20090123011412.1b4dfa5a@gumby.homeunix.com> <4979867A.7010805@lvor.halvorsen.cc>

Since I started using FreeBSD with 6.2 on my home server, I have studied this problem very well. In the default installation, there are a daily system check script and a daily security check script included in periodic. You can easily configure your system so e-mails are sent to you every day with the output of the execution of those scripts (usually sent to root). freebsd-update can also be configured as a cron job that will fetch the latest update and send you an e-mail if core system updates are available. The portsnap cron job will be executed in the security periodic job and will tell you if any of your installed ports need to be updated for security reasons.

So... I always check the output of those runs in my e-mails every morning or every few days. If there is an update available from freebsd-update, I install it and I reboot the complete server if there is an update for the kernel or a used kernel module, or only a few services that depend on the updated files (often sshd). About my ports, I only upgrade those that get security notices. This way my system has been very stable, up to date and it doesn't take too much time to maintain it in this state. The only time I upgrade all my ports is when I update my entire system to a newer FreeBSD revision (7.0 -> 7.1, etc.).

I'll also likely stay on a particular revision of FreeBSD until the security updates are ended for it. I first went from 6.2 to 6.3 on my old server because 6.3 was flagged for long term support (2 years). Went from 6.3 to 7.0 because I replaced my old server (Dual Pentium II) with new hardware. And I went from 7.0 to 7.1 because some new drivers were available to better support my new hardware (EIST on 45nm Intel CPUs, Atheros L1E network adapter). Now my hardware is well supported, my system is very stable and I will likely stay on 7.1 until January 2011 (end of support for security updates).

I hope it helps,

Gabriel

2009/1/23 Svein Halvor Halvorsen <svein.h@lvor.halvorsen.cc>:
> Svein Halvor Halvorsen <svein.h@lvor.halvorsen.cc> wrote:
>>>
>>> Is it possible to pkg_add -r packages from -STABLE on the latest
>>> -RELEASE? That is, will the following work, or slowly render my
>>> system to an incoherent state:
>
> RW wrote:
>>
>> It'll work most of the time, but occasionally it will fail, when a
>> STABLE package relies on a library or other feature that's not in the
>> release.
>>
>> A compromise might be to stick to the release packages, until portaudit
>> reveals a significant vulnerability and then switch to Stable until
>> the next release.
>
> But when that happens, should I upgrade just the one affected package, or
> grab updates for all my installed packages, to make sure all packages on the
> system is concurrent? That is, made from the same ports tree at some point
> in time.
>
>
> Svein Halvor
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

--
Gabriel Lavoie
glavoie@gmail.com
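
The triage described in the message above (reboot when the kernel or a kernel module is updated, otherwise restart only the services that depend on the updated files) can be scripted. The sketch below is an added example, not part of the original message or of FreeBSD; the function names, the path-to-service map and the sample file lists are assumptions made for illustration.

```sh
#!/bin/sh
# Input:  updated file paths, one per line, on stdin (e.g. copied from the
#         file list in a freebsd-update mail).
# Output: "reboot", "restart <services>", or "none".

# Append a service name to $services unless it is already listed.
add_service() {
    case " $services " in
        *" $1 "*) ;;
        *) services="${services:+$services }$1" ;;
    esac
}

triage_update() {
    reboot=0
    services=""
    while IFS= read -r path; do
        case "$path" in
            /boot/kernel/*|/boot/modules/*)
                # Kernel or kernel module. This does not check whether the
                # module is actually loaded, so it errs towards a reboot.
                reboot=1 ;;
            # Assumed path-to-service map; extend it for the daemons you run.
            /usr/sbin/sshd|/usr/lib/libssh.so*) add_service sshd ;;
            /usr/sbin/ntpd)                     add_service ntpd ;;
            /usr/sbin/syslogd)                  add_service syslogd ;;
        esac
    done
    if [ "$reboot" -eq 1 ]; then
        echo "reboot"
    elif [ -n "$services" ]; then
        echo "restart $services"
    else
        echo "none"
    fi
}

# Constructed sample file lists (not real freebsd-update output).
sample_userland='/usr/sbin/sshd
/usr/lib/libssh.so.4
/usr/bin/ssh'
sample_kernel='/boot/kernel/kernel
/usr/sbin/sshd'

printf '%s\n' "$sample_userland" | triage_update
printf '%s\n' "$sample_kernel"   | triage_update
```

A "none" result only means no mapped daemon was touched; updated files outside the map still need a manual look.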