From owner-freebsd-questions@FreeBSD.ORG Fri Jul 2 19:55:26 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 36F0D1065673 for ; Fri, 2 Jul 2010 19:55:26 +0000 (UTC) (envelope-from edflecko@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 00DEC8FC16 for ; Fri, 2 Jul 2010 19:55:25 +0000 (UTC) Received: by iwn35 with SMTP id 35so1598607iwn.13 for ; Fri, 02 Jul 2010 12:55:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=Al/l7bSt4KLJs1KRObou/P/ZptgscRoj/0b/cxmdQSg=; b=cNrNQ+9y8LlplzK9/moQGkx/zxrW6H3GGuoMGKDeriSybxhCrv8odKvdHWVItrQqle iq3D9tTFAbDZT0nbZp+MnqL5jkKdW9FCC67soNsf9V5TZCbIE1wCzDsFehBr9orh825O WEzGmGaLuolfJtYc7TYlh0xRhWGdNlUxTTX3g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=thSuGQj5WYWS6V9j7sH0Z3yI1CRngL9zJbqveqii//+EhVuL6eOsjJ+QZTxmhaFiry nuj7rTE13DTyOnt+qJXtaWChWirU/+vj6+crzBHNeInyKAK3uKWOQe5zr0Qpz0OueGd2 erzX95VzQxddRHBQshRjtiQGE+C4BrnbgsYxk= MIME-Version: 1.0 Received: by 10.231.119.229 with SMTP id a37mr1342539ibr.169.1278100525184; Fri, 02 Jul 2010 12:55:25 -0700 (PDT) Received: by 10.231.210.201 with HTTP; Fri, 2 Jul 2010 12:55:25 -0700 (PDT) Date: Fri, 2 Jul 2010 12:55:25 -0700 Message-ID: From: Ed Flecko To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Staying up to date with security patches X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jul 2010 19:55:26 -0000 Hi folks, I've carefully read many different sources about keeping FreeBSD up to date, and I'm not quite "crystal-clear". I'm building a server with 8.0, and because it's a server, it will have very little software installed on it (probably Apache, maybe BIND, etc.), and my primary concern is that it's stable and secure from a "patching perspective" (I'll work on "hardening" the OS later). Since I will be doing a custom kernel at some point, I won't use freebsd-update, I'm using cvsup instead. If I understand the docs correctly, I want my "supfile" (in my case, I'm simply modifying "stable-supfile") file to have an entry like: *default release=cvs tag=RELENG_8_0 1.) The _0 will keep me up to date with the security patches, which is what I'm after, right? 2.) How often "should" one synchronize your server (PC, etc.)? You don't need to do it daily with cron, do you? I've subscribed to the FreeBSD security update list, so that's probably the only time one really needs to synchronize, rebuild, etc., isn't it? 3.) What's the smartest way to keep your installed applications updated (i.e., Apache, BIND, etc.)? 4.) Finally, where's the best URL to scour past FreeBSD posts/answers? Thank you! Ed