Date:      Fri, 23 Jan 2009 07:50:36 -0500
From:      Gabriel Lavoie <>
To:        Svein Halvor Halvorsen <>
Cc:        RW <>,
Subject:   Re: Keeping FreeBSD updated (the binary way)
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

Since I started using FreeBSD with 6.2 on my home server, I studied
this problem very well. In the default installation, there are a daily
system check script and a daily security check script included in
periodic. You can easily configure your system so e-mails are sent to
you every day with the output of the execution of those scripts
(usually sent to root). Also, freebsd-update can also be configured as
a cron job that will fetch the latest update and send you an e-mail if
core system updates are available. portsnap cron job will be executed
in the security periodic job and will tell you if any of your
installed ports need to be updated for security reasons. So...

I always check the output of those runs in my e-mails every morning or
every few days. If there is an update available from freebsd-update, I
install it and I reboot the complete server if there is an update for
the kernel or a used kernel module, or only a few services that depend
on the updated files (often sshd). About my ports, I only upgrade
those that get security notices. This way my system has been very
stable, up to date and it doesn't take too much time to maintain it in
this state. The only time where I upgrade all my ports is when I
update my entire system to a newer FreeBSD revision (7.0 -> 7.1,
etc.). I'll also likely stay on a particular revision of FreeBSD until
the security updates are ended for it. I first went from 6.2 to 6.3 on
my old server because 6.3 was flagged for long term support (2 years).
Went from 6.3 to 7.0 because I replaced my old server (Dual Pentium
II) with new hardware. And I went from 7.0 to 7.1 because some new
drivers were available to better support my new hardware (EIST on 45nm
Intel CPUs, Atheros L1E network adapter). Now my hardware is well
supported, my system is very stable and I will likely stay on 7.1
until January 2011 (end of support for security updates).

I hope it helps,


2009/1/23 Svein Halvor Halvorsen <>:
> Svein Halvor Halvorsen <> wrote:
>>> Is it possible to pkg_add -r packages from -STABLE on the latest
>>> -RELEASE? That is, will the following work, or slowly render my
>>> system to an incoherent state:
> RW wrote:
>> It'll work most of the time, but occasionally it will fail, when a
>> STABLE package relies on a library or other feature that's not in the
>> release.
>> A compromise might be to stick to the release packages, until portaudit
>> reveals a significant vulnerability and then switch to Stable until
>> the next release.
> But when that happens, should I upgrade just the one affected package, or
> grab updates for all my installed packages, to make sure all packages on the
> system are concurrent? That is, made from the same ports tree at some point
> in time.
>        Svein Halvor

Gabriel Lavoie
