Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Mar 2006 14:37:52 -0500
From:      Randy Pratt <bsd-unix@comcast.net>
To:        chris@chrismaness.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Tracking Security in Ports and Base System
Message-ID:  <20060301143752.aafe3226.bsd-unix@comcast.net>
In-Reply-To: <50124.67.126.165.122.1141236591.squirrel@squirrel.kq6up.org>
References:  <43EA9782.7060708@chrismaness.com> <20060208203027.H73762@tripel.monochrome.org> <50124.67.126.165.122.1141236591.squirrel@squirrel.kq6up.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 1 Mar 2006 10:09:51 -0800 (PST)
chris@chrismaness.com wrote:

> > On Wed, 8 Feb 2006, Chris Maness wrote:
> >
> >> How should I set up cvsup to just track security updates for ports. And
> would the best thing to do after I synced CVS, do portupgrade -a so
> that everything selected gets rebuilt.
> >
> > I'm not sure there is a way to do this for ports, other than manually
> checking what's been changed and whether you consider that to be a
> security upgrade, then upgrading each applicable port by hand. As far as
> I understand, there is only one tag for ports ("tag=."), which gets you
> the "current" ports tree. I *can* guarantee that others know more about
> this than I do.

There is a port which does this for you (security/portaudit):

  portaudit provides a system to check if installed ports are
  listed in a database of published security vulnerabilities.

  After installation it will update this security database
  automatically and include its reports in the output of the
  daily security run.

> >> What is the equivalent for the base system?
> >
> > Much simpler: just track RELENG_your_release to get security updates and
> bug fixes and nothing else. For example, mine is RELENG_5_4 and
> > therefore tracks 5.4-RELEASE.

Additionally, I'd suggest subscribing to one of these mailing list so
that you are notified when a SA is issued:

  security-advisories@freebsd.org
  freebsd-announce@freebsd.org

HTH,

Randy
--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060301143752.aafe3226.bsd-unix>