From owner-freebsd-questions@FreeBSD.ORG Tue Jan 24 08:49:08 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C7343106566B for ; Tue, 24 Jan 2012 08:49:08 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) Received: from relay2.tomsk.ru (relay2.tomsk.ru [212.73.124.8]) by mx1.freebsd.org (Postfix) with ESMTP id 0F4E58FC08 for ; Tue, 24 Jan 2012 08:49:07 +0000 (UTC) X-Virus-Scanned: by clamd daemon 0.93.1 for FreeBSD at relay2.tomsk.ru Received: from admin.sibptus.tomsk.ru (account sudakov@sibptus.tomsk.ru [212.73.125.240] verified) by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.13) with ESMTPSA id 23370267 for freebsd-questions@freebsd.org; Tue, 24 Jan 2012 15:49:06 +0700 Received: from admin.sibptus.tomsk.ru (sudakov@localhost [127.0.0.1]) by admin.sibptus.tomsk.ru (8.14.5/8.14.5) with ESMTP id q0O8n5Hg099437 for ; Tue, 24 Jan 2012 15:49:05 +0700 (NOVT) (envelope-from vas@mpeks.tomsk.su) Received: (from sudakov@localhost) by admin.sibptus.tomsk.ru (8.14.5/8.14.5/Submit) id q0O8n5a0099436 for freebsd-questions@freebsd.org; Tue, 24 Jan 2012 15:49:05 +0700 (NOVT) (envelope-from vas@mpeks.tomsk.su) X-Authentication-Warning: admin.sibptus.tomsk.ru: sudakov set sender to vas@mpeks.tomsk.su using -f Date: Tue, 24 Jan 2012 15:49:05 +0700 From: Victor Sudakov To: freebsd-questions@freebsd.org Message-ID: <20120124084905.GB99094@admin.sibptus.tomsk.ru> References: <20120123103232.GA79175@admin.sibptus.tomsk.ru> <20120123203502.GC32692@slackbox.erewhon.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120123203502.GC32692@slackbox.erewhon.net> Organization: AO "Svyaztransneft", SibPTUS X-PGP-Key: http://www.livejournal.com/pubkey.bml?user=victor_sudakov X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: portmaster best practices X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jan 2012 08:49:08 -0000 Roland Smith wrote: > > > > If portaudit shows that some installed packages have vulnerabilities, > > what do you usually do? > > It depends on the vulnerability and what the package does. I will de-install > it if I think that the vulnerability is critical for me and there is no > workaround. > > Look at freshports [http://www.freshports.org/commits.php] regularly to see if > updates for vulnerable packages are available. This is pretty obvious and I run portsnap from cron. > > Generally I like to run 'portsnap fetch update' followed by 'portmaster -ai' > (after reading /usr/ports/UPDATING) every week. This keeps the number of huge > compilefests (like gettext updates :-() to a minimum. Has portmaster ever screwed things up for you? > > For efficiency, I tend to keep one machine up-to-date in that way, > and use rsync to then distribute the changes in /usr/local to my > other machines. This only works for machines that are on the same > major FreeBSD version and architecture, of course. That's interesting. Do you also rsync /var/db/pkg ? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@sibptus.tomsk.ru