Re: FreeBSD Security Survey



On Sun, 21 May 2006, Colin Percival wrote:

> In order to better understand
> which FreeBSD versions are in use, how people are (or aren't) keeping
> them updated, and why it seems so many systems are not being updated, I
> have put together a short survey of 12 questions.

I applaud this survey, however question 9 missed an important point,
at least to me. I was torn between answering "less than once a month"
and "I never update".

While I find ports to be the single most useful feature of the FreeBSD
experience, and can't thank contributors enough for the efforts, I on
the other hand find updating my installed ports collection (for security
reasons or otherwise) to be quite painful. I typically use portupgrade
to perform this task. On several occasions I got "bit" by doing a
portupgrade which wasn't able to completely upgrade all dependencies
(particularly when X, GUIs, and desktops are in the mix -- though I
always follow the special Gnome upgrade methods when appropriate).

I can't rule out some form of pilot error, but the end result was pain.

After several instances of unsatisfactory portupgrades (mostly in the
5.2 through early 5.4 timeframe), I adopted the practice of either not
upgrading ports at all for the life of a particular installation on a
machine (typically about one year), or when necessary by removing *all*
ports from the machine, cvsup'ing, and reinstalling. This has served
me quite well, particularly considering the minimal threat profile these
particular systems face.

So, in short, that's why *I* rarely update ports for security reasons.

There are steps that could be taken at the port maintenance level that
would work well for my particular case, however that's beyond the scope
of the survey. Thanks for taking the time to put the survey together, I
certainly hope it proves useful.

Thank you,
Brent Casavant
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list


