On Mon, Jan 23, 2012 at 05:32:33PM +0700, Victor Sudakov wrote:
> Hello portmaster users,
>
> If portaudit shows that some installed packages have vulnerabilities,
> what do you usually do?

It depends on the vulnerability and what the package does. I will de-install it if I think that the vulnerability is critical for me and there is no workaround. Look at freshports [http://www.freshports.org/commits.php] regularly to see if updates for vulnerable packages are available.

Generally I like to run 'portsnap fetch update' followed by 'portmaster -ai' (after reading /usr/ports/UPDATING) every week. This keeps the number of huge compilefests (like gettext updates :-() to a minimum.

For efficiency, I tend to keep one machine up-to-date in that way, and use rsync to then distribute the changes in /usr/local to my other machines. This only works for machines that are on the same major FreeBSD version and architecture, of course.

Roland
-- 
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)