Linked by Thom Holwerda on Mon 22nd May 2006 17:41 UTC, submitted by Joel Dahl
FreeBSD "The Security Team has been concerned for some time by anecdotal reports concerning the number of FreeBSD systems which are not being promptly updated or are running FreeBSD releases which have passed their End of Life dates and are no longer supported. In order to better understand which FreeBSD versions are in use, how people are (or aren't) keeping them updated, and why it seems so many systems are not being updated, I have put together a short survey of 12 questions. The information gathered will inform the work done by the Security Team, as well as my own personal work on FreeBSD this summer."
Thread beginning with comment 126997
To read all comments associated with this story, please click here.
RE: Updates
by manix on Mon 22nd May 2006 20:38 UTC
manix
Member since:
2006-05-13

FreeBSD also lets you do binary updates with "freebsd-update" http://www.daemonology.net/freebsd-update

recompiling the kernel on a production machine is no problem at all. The servers keeps running while the upgrade is done. It has only to be rebooted once that shouldn't take more than 30 seconds. The core system is quite stable and kernel upgrades don't have to be done very often.

The main drawback of the FreeBSD upgrading process, is upgrading the ports. I don't know a ways to tell it to update only security issues, like what i do with Debian. You have to basically upgrade them all to the latest release and that can take a while. But this isn't a really big problem since the server keeps running during the upgrade.

Reply Score: 2

RE[2]: Updates
by timg on Mon 22nd May 2006 21:39 in reply to "RE: Updates"
timg Member since:
2006-05-22

Use portaudit to check for security issues and just upgrade the ones with problems.

All of my systems email me a daily security report that tells me what has a security problem. I believe that is actually part of the default install.

It's a fairly simple process to go upgrade with portupgrade. I automate it on my home network via cron. I still do it manually on the servers as I'm opposed to automating software installation on servers. ;)

Reply Parent Score: 3