Message-ID: <43A7DA65.1020801@mail.ru>
Date: Tue, 20 Dec 2005 14:18:13 +0400
From: rihad
To: Yann Golanski
Cc: freebsd-stable@freebsd.org
Subject: Re: ports security branch
References: <43A7A3F7.7060500@mail.ru> <20051220083913.GA505@kierun.org>
In-Reply-To: <20051220083913.GA505@kierun.org>

Yann Golanski wrote:
> Quoth rihad on Tue, Dec 20, 2005 at 10:25:59 +0400
>
>>Is there a security branch for the FreeBSD ports collection? Let's say,
>>I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages
>>(i.e., those on the CD). Running security/portaudit after a while
>>reveals that some of the installed packages have vulnerabilities. Am I
>>on my own to go grab the fresh ports tree, and upgrade the affected
>>software, suffering all the intricacies of the move by myself? Debian
>>GNU/Linux has its security package updates, OpenBSD has a separately
>>maintained "errata" ports branch (it's very likely you still get to
>>download a newer release of the software, though).
>
>
> Attached is a script I use to update my machines. It works fine but
> you need to understand what it does and not run it blindly. DO NOT put
> that in cron, there lies pain!
>
> Otherwise, just run the script and it will update all your ports for
> you. It'll even mail you with the updated ports.
>
>
> [script snipped]

A very interesting script for its own purpose, but I'm afraid this
doesn't answer my question at all. Perhaps seeing the way that e.g.
Debian deals with the upgrade problem might shed some light on the
issue. Hell, FreeBSD does exactly that for the base world+kernel, too!
Not for the ports, though.