Date: Mon, 14 Jun 2004 01:39:45 -0400
From: Randy Pratt <rpratt1950@earthlink.net>
To: Ladislav Bodnar <distro.watch@msa.hinet.net>
Cc: Haim Ashkenazi <haim@babysnakes.org>
Subject: Re: keeping my freebsd secure... THANX
Message-ID: <20040614013945.7fd2e3c1.rpratt1950@earthlink.net>
In-Reply-To: <200406141131.51215.distro.watch@msa.hinet.net>
References: <pan.2004.06.12.09.01.59.52173@babysnakes.org> <Pine.LNX.4.58.0406132246220.10258@sparc64.devnet.co.uk> <1087170692.20776.16.camel@parker.babysnakes.org> <200406141131.51215.distro.watch@msa.hinet.net>
On Mon, 14 Jun 2004 11:31:51 +0800
Ladislav Bodnar <distro.watch@msa.hinet.net> wrote:

> On Monday 14 June 2004 07:51, Haim Ashkenazi wrote:
> > what you're saying is very disturbing... I only moved to FreeBSD
> > because Debian stable releases a new version once in a long time
> > (more
>
> I am in the same situation as you. But I am wondering - what happens if
> you just run the installation program from within an existing
> installation and update the binary packages to the latest release (say,
> your server is running 4.9, but you want to upgrade to 4.10). Is this a
> good way of going about upgrading, or am I just completely off my
> rocko?
>
> (I know this doesn't address the issue of security fixes, but at least
> you could get your PHP up to a newer version).
>
> In all honesty, I don't feel confident about upgrading an entire system
> by compiling from sources. Maybe it's because I've been bitten by
> upgrade problems on Gentoo, but also because, from whatever little
> experience I have with FreeBSD, compiling from sources can fail on
> FreeBSD too. My logic dictates that the binary packages provided with a
> RELEASE are well-tested, so that everything works together nicely. Why
> bother with compiling?
>
> Anybody cares to comment?

I've been using FreeBSD since 2.2.5 and I've never had any issues
updating the operating system from sources. The FreeBSD Handbook
covers each step of the process so that it is pretty much just
follow the instructions. It's really not a hard process but it does
require some practice until you get comfortable with the steps.

I update my ports on a daily basis. I find it's much easier if it's
done in smaller increments than waiting until you have several
hundred applications out of date. Typically, this takes less than
an hour each day with no downtime. Sometimes I have to restart
applications that may have been running but that's a minor issue.

Sometimes there are issues with ports building. If an application
fails to build during portupgrade, then the old version is restored.
If there are minor issues, I've found the ports people very helpful
in pointing me in the right direction to resolve issues. If it's a
very popular port, chances are that it will be fixed very quickly.

I avoid binary updates and packages entirely. I prefer to build
in my local environment with the customizations I want. With
binaries, you're pretty much limited to what someone else has
decided are the defaults. Additionally, you have to wait on
someone to build those for you. These limitations don't exist
with a source approach. With sources, there is also the option
to peruse the sources and make local modifications as you desire.

Some people prefer binary updates and they suit their purposes.
If you're on a dial-up connection or it's a huge application (like
Open Office), it might make more sense to use packages.

The tools to handle these processes are being improved all the
time. They are light years ahead of where they were at in
FreeBSD 2.2.5! Granted, it does take some time to learn the tools
and the process, but it pays off in the long run. If you stay within
the guidelines for building the operating system and ports, then
you should have minimal trouble maintaining a stable and secure
system.

Best regards,

Randy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040614013945.7fd2e3c1.rpratt1950>