From owner-freebsd-stable@FreeBSD.ORG Mon May 22 13:49:37 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 739DF16A5F5 for ; Mon, 22 May 2006 13:49:37 +0000 (UTC) (envelope-from noackjr@alumni.rice.edu) Received: from smtp104.biz.mail.mud.yahoo.com (smtp104.biz.mail.mud.yahoo.com [68.142.200.252]) by mx1.FreeBSD.org (Postfix) with SMTP id 7E35543D45 for ; Mon, 22 May 2006 13:49:36 +0000 (GMT) (envelope-from noackjr@alumni.rice.edu) Received: (qmail 81110 invoked from network); 22 May 2006 13:49:35 -0000 Received: from unknown (HELO optimator.noacks.org) (noackjr@supercrime.org@24.99.22.177 with login) by smtp104.biz.mail.mud.yahoo.com with SMTP; 22 May 2006 13:49:35 -0000 Received: from localhost (localhost [127.0.0.1]) by optimator.noacks.org (Postfix) with ESMTP id 4B5006179; Mon, 22 May 2006 09:49:34 -0400 (EDT) X-Virus-Scanned: amavisd-new at noacks.org Received: from optimator.noacks.org ([127.0.0.1]) by localhost (optimator.noacks.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id l5Z-i33uJnpD; Mon, 22 May 2006 09:49:33 -0400 (EDT) Received: from compgeek.noacks.org (compgeek [192.168.1.10]) by optimator.noacks.org (Postfix) with ESMTP id F01AB60EB; Mon, 22 May 2006 09:49:32 -0400 (EDT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by compgeek.noacks.org (8.13.6/8.13.6) with ESMTP id k4MDnTfD016370; Mon, 22 May 2006 09:49:30 -0400 (EDT) (envelope-from noackjr@alumni.rice.edu) Message-ID: <4471C163.9060509@alumni.rice.edu> Date: Mon, 22 May 2006 09:49:23 -0400 From: Jonathan Noack User-Agent: Thunderbird 1.5.0.2 (X11/20060422) MIME-Version: 1.0 To: Marian Hettwer References: <4471361B.5060208@freebsd.org> <20060521231657.O6063@abigail.angeltread.org> <44714FBB.4000603@samsco.org> <44718700.2060102@kernel32.de> In-Reply-To: <44718700.2060102@kernel32.de> X-Enigmail-Version: 0.94.0.0 OpenPGP: id=991D8195; url=http://www.noacks.org/cert/noackjr.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig619E4558B422EB6C3AE4F158" Cc: FreeBSD Stable , Brent Casavant , Colin Percival Subject: Re: FreeBSD Security Survey X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: noackjr@alumni.rice.edu List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 May 2006 13:49:42 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig619E4558B422EB6C3AE4F158 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable On 05/22/06 05:40, Marian Hettwer wrote: > Scott Long wrote: >>> Brent Casavant wrote: >>>> While I find ports to be the single most useful feature of the FreeB= SD >>>> experience, and can't thank contributors enough for the efforts, I o= n >>>> the other hand find updating my installed ports collection (for secu= rity >>>> reasons or otherwise) to be quite painful. I typically use portupgr= ade >>>> to perform this task. On several occasions I got "bit" by doing a >>>> portupgrade which wasn't able to completely upgrade all dependencies= >>>> (particularly when X, GUI's, and desktops are in the mix -- though I= >>>> always follow the special Gnome upgrade methods when appropriate). >=20 > Like Scott pointed out below, stick with either building from source, o= r > using packages. Mixing them may have strange side effects. > To give an example. > I usually use portupgrade without using packages. But last time I neede= d > to update my ports (on a production server, though private not corporat= e > server), I used portupgrade -P (to use packages if available). > It updated php, using packages, but unluckily the packages were built > against apache13. I'm using apache20, so my php installation was > trashed. Argh. > But even more painful is the fact that portupgrade _always_ fails on > some perl modules. Usually p5-XML-Parser. I don't know why, but it's > annoying... Dropping security@... Odd, I just did a 'portupgrade -fm "-s" p5-XML-Parser' and it worked fine. Note that I included the '-m "-s"' because it sometimes causes port build breakage for me (postfix comes to mind). Perhaps a 'portupgrade -Rf p5-XML-Parser' is in order? The only dependencies are perl and expat, so a recursive rebuild shouldn't take too long. My persistent port build breakages (that weren't caused by an error in the port) have always been resolved by rebuilding all dependencies or removing '-m "-s"'. -Jonathan --=20 Jonathan Noack | noackjr@alumni.rice.edu | OpenPGP: 0x991D8195 --------------enig619E4558B422EB6C3AE4F158 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEccFpUFz01pkdgZURAsWPAJ9US1u6lNSmqX9uBrJYrcjamJaTqgCePsiQ 5G7ndZr4VGCci+dOBHtW+pY= =OIjd -----END PGP SIGNATURE----- --------------enig619E4558B422EB6C3AE4F158--