Re: FreeBSD Security Survey

Peter Jeremy wrote:
> One of the major problems with unattended/automatic updating is
> that it is hard to filter them.

It's hard to make a good case for automatic updates when manual
updates are so easy. The main area this could be improved on would
be in a daily report, emailed to root, detailing which installed
ports are out of date. We do this with a shell script
<http://www.roble.com/docs/cvsup-ports-rep>.

One issue with identifying out-of-date installed ports is the
port-version number. We usually ignore port-version-only updates
because it's difficult to tell what was changed and few changes
aren't detailed in /usr/ports/UPDATING.

Another issue has to do with policy regarding -release, -rc, -alpha
versioning. Too many ports maintainers think nothing of using
-pre-release versions that are usually not appropriate on -release
systems.

All that said FreeBSD's ports are still the reference
implementation, head-and-shoulders better than up2date, yum, rpm,
apt-get, or anything else out there.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"