From owner-freebsd-questions@FreeBSD.ORG Mon Dec 19 19:33:10 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 954D316A41F for ; Mon, 19 Dec 2005 19:33:10 +0000 (GMT) (envelope-from nalists@scls.lib.wi.us) Received: from mail.scls.lib.wi.us (mail.scls.lib.wi.us [198.150.40.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id C134343D64 for ; Mon, 19 Dec 2005 19:33:08 +0000 (GMT) (envelope-from nalists@scls.lib.wi.us) Received: from [172.26.2.238] ([172.26.2.238]) by mail.scls.lib.wi.us (8.12.9p2/8.12.9) with ESMTP id jBJJX7G1006955 for ; Mon, 19 Dec 2005 13:33:07 -0600 (CST) (envelope-from nalists@scls.lib.wi.us) Message-ID: <43A70AF3.2080101@scls.lib.wi.us> Date: Mon, 19 Dec 2005 13:33:07 -0600 From: Greg Barniskis User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <43A6CA19.5020100@mail.ru> <124C8EC79D9A6FBB2A645B28@Paul-Schmehls-Computer.local> In-Reply-To: <124C8EC79D9A6FBB2A645B28@Paul-Schmehls-Computer.local> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: ports security branch X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Dec 2005 19:33:10 -0000 Paul Schmehl wrote: > I'm not sure what you mean by "suffering all the intricacies". Cvsup > will fetch all the ports that have updates (assuming you use the right > config - man is your friend), so you really don't have to do much except > launch cvsup (if you haven't already scheduled it routinely) and then > launch portupgrade once cvsup is done. > > When I set up a new server, one of the first things I do, before > installing any applications, is run cvsup to update everything. Then I > setup cvsup to run nightly, and only then to I begin installing whatever > applications that particular server might need. I do a very similar thing only I don't cvsup/portupgrade frequently, I portaudit frequently and then cvsup/portupgrade on demand. This way is somewhat less intrusive, as there are frequently port version bumps available that are not security related and certainly not required for continuity of service. When first getting used to this stuff I thought it moderately burdensome compared to automatic binary updates, but I quickly came to understand the value of being able to choose exactly what, how and when to upgrade. All regrets soon faded. Intricacies and suffering? Sometimes yes, but not that frequently, and it's worth it. -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) , (608) 266-6348