Date: Tue, 20 Dec 2005 11:43:55 +0100
From: Melvyn Sopacua <freebsd.stable@melvyn.homeunix.org>
To: freebsd-stable@freebsd.org
Subject: Re: ports security branch
Message-ID: <200512201143.55965.freebsd.stable@melvyn.homeunix.org>
In-Reply-To: <43A7DA65.1020801@mail.ru>
References: <43A7A3F7.7060500@mail.ru> <20051220083913.GA505@kierun.org> <43A7DA65.1020801@mail.ru>

On Tuesday 20 December 2005 11:18, rihad wrote:
> Yann Golanski wrote:
> > Quoth rihad on Tue, Dec 20, 2005 at 10:25:59 +0400
> >
> >>Is there a security branch for the FreeBSD ports collection? Let's say,
> >>I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages
> >>(i.e., those on the CD). Running security/portaudit after a while
> >>reveals that some of the installed packages have vulnerabilities. Am I
> >>on my own to go grab the fresh ports tree, and upgrade the affected
> >>software, suffering all the intricacies of the move by myself? Debian
> >>GNU/Linux has its security package updates, OpenBSD has a separately
> >>maintained "errata" ports branch (it's very likely you still get to
> >>download a newer release of the software, though).
> >
> > Attached is a script I use to update my machines. It works fine but
> > you need to understand what it does and not run it blindly. DO NOT put
> > that in cron, there lies pain!
> >
> > Otherwise, just run the script and it will update all your ports for
> > you. It'll even mail you with the updated ports.
>
> [script snipped]
>
> A very interesting script for its own purpose, but I'm afraid this
> doesn't answer my question at all.

FreeBSD accepts limited responsibility for what is in /usr/ports.
Maintaining security is not one of them.

> Perhaps seeing the way that e.g.
> Debian deals with the upgrade problem might shed some light on the
> issue. Hell, FreeBSD does exactly that for the base world+kernel, too!
> Not for the ports, though.

See above. Instead of focusing on the method, focus on the end-goal: you
want security updates on your ports and the script posted attempts to
provide that. I had one that was safe to run in cron (in fact it ran in
periodic/daily), but uses a cvs tree of ports, not cvsup to save time[1].
I lost it with a disk crash, but was going to recreate it anyway, might
as well do it now if people are interested.

[1] cvsup although faster on the entire tree cannot update a single
directory.

-- 
Melvyn Sopacua
freebsd.stable@melvyn.homeunix.org

FreeBSD 6.0-STABLE
Qt: 3.3.5
KDE: 3.4.3