Date: Fri, 9 Feb 2007 19:20:36 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-chat@FreeBSD.ORG, kdk@daleco.biz Subject: Re: Productivity with FBSD, or: "portupgrade" vs. virus scans.... Message-ID: <200702091820.l19IKawI064305@lurza.secnetix.de> In-Reply-To: <45C8CB7B.5090200@daleco.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
Kevin Kinsey wrote: > [...] NB: I'm using FreeBSD for more than 10 years, and I've done hundreds of FreeBSD installations over the years, both privately and for my job. When portupgrade appeared (about 5 years ago, I think), I tried it for a while, hoping it would make things easier. It didn't. In fact, more than once it broke, somtimes subtly, sometimes horribly. I have to admit that I also don't like Ruby that much. So I stopped using portupgrade privately, and I also try to avoid it in my job, unless customers or coworkers insist on using it on particular machines. > If you're a desktop FBSD user: > > How do you keep up with ports? Like I've always done before portupgrade existed. Note that I'm a conservative update: I never update just because a new version exists ("never change a running system"). I only update if there is a _good_ reason to do so, such as security issues, critical bug fixes, or features that I need. I don't trust portupgrade or any other automatic tool to decide correctly for me which ports should be updated and which ports should not be touched. Yes, I'm aware that's configurable with portup- grade, but that doesn't solve the problem. > *Do you have (or have you, at some time, had) much trouble? Yes, I had. During the time I used portupgrade. :-) > *If you have trouble, do you accept it as a "cost" of using FreeBSD? No. Only Windows users have to accept what they have, because they have no choice. But we have an open-source system, so if something troubles us, we can improve it. If one tool doesn't float your boat, use a different one. if you can't find one, create your own. > How often do you upgrade your ports/packages? See above. There are no fixed time intervals for updates. I watch the output of portaudit for security issues, and if there are some, I update the affected ports. I also update when I need a bug fix or feature. Watching the cvs commits or the ports mailing list or the freshports web site can be useful. > Any suggestions on what I might do differently? > > *Should I quit updating FBSD except for major point releases? There's no easy answer. It depends on your requirements. I can tell you what I think is right for me, but that's not necessarily the right thing for you. You need to decide for yourself. > *Should we upgrade the server-type ports and leave the desktop apps > alone when we get a "stable" configuration there? I really can't give generic advice there. > *How dangerous is it to be using outdated ports (particularly the > servers)? If there are no security issues, it's not dangerous at all. To be informed about security issues, I recommend that you install the "portaudit" port. Then you will get security warnings in your nightly cron mail if there are any issues with your installed ports. For my convenience I wrote a few small shell scripts. They work on a stock FreeBSD base system and don't require Ruby or anything else. The first one runs via cron job every night and updates /usr/ports with cvsup, provided that there are no "work" directories. If there are any "work" directories, the script doesn't touch anything and instead sends me an e-mail to tell me about it, so I can clean up if necessary. The second script updates a single port (also installs any dependencies if necessary), checks for shared libraries and saves them if necessary, and it preserves the "required_by" information of the ports, if any. It's conservative in that it does not touch anything that doesn't have to be touched. Actually I wrote the scripts for myself only and didn't plan to officially release them to the public, but here they are nevertheless. Maybe they're useful to somebody. http://www.secnetix.de/~olli/scripts/ports-check-update http://www.secnetix.de/~olli/scripts/portsup Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, USt-Id: DE204219783 Any opinions expressed in this message are personal to the author and may not necessarily reflect the opinions of secnetix GmbH & Co KG in any way. FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." -- RFC 1925
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200702091820.l19IKawI064305>