DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 14th September 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default is it a good security practice to always pkg_add -u after an upgrade ?

Hi all !

Is it a good security/reliability practice to always pkg_add -u after an upgrade ?
Sometimes , having more than one box to upgrade/update .. when I don't have time I just update a few packages ..
Reply With Quote
  #2   (View Single Post)  
Old 16th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,686
Thanked 214 Times in 189 Posts
Default

The ports tree does not undergo an audit -- therefore, an upgrade of all your packages runs the risk of introducing new problems, some of which may have security implications.

Of course, some of the updates made to the ports tree have been to fix known problems.

An informed admin will subscribe to applicable mailing lists, such as ports-security@, ports-bugs@, ports-changes@, and ports@.
Reply With Quote
  #3   (View Single Post)  
Old 16th September 2012
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

I concur with jggimi - "always" is a dangerous word.

You care about your system, so be sure that what you add to it is actually necessary or helpful to that system.

Examples in other parts of the IT industry:
  • phone software
    On my android phone I always see that there are updates to the apps that I have installed- when I see things like "added new platform availability" or other nonsense that doesn't apply to my usage, I skip it (in that instance it is obviously already running on my platform ).
  • network gear
    If you work in the networking world and use Juniper, you'll notice that the JTAC will give recommendations on which version of JUNOS to install on your platform. It is almost always never the latest release. In the case of managing your OpenBSD systems, you are your own JTAC.

Do your homework, run a tight ship, and always keep your ear to the ground. Your system (and maybe even those awful, awful users ) will thank you in terms of reliability and uptime, and hey, maybe even performance.

It also doesn't hurt to ask questions here or on the mailing lists, as others may have reaped benefits or pain for something you are possibly considering.
__________________
Network Firefighter
Reply With Quote
  #4   (View Single Post)  
Old 17th September 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

@jggimi , @ai-danno , thank you so much ! interestingly helpful hints ..
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
pkg_add times out (?) Daffy OpenBSD Packages and Ports 0 27th July 2012 09:41 PM
pkg_add --PREFIX ? sharris FreeBSD General 2 25th July 2011 04:31 PM
My version of pkg_add :) DNAeon FreeBSD Ports and Packages 26 15th October 2008 06:58 AM
pkg_add g95;g95 x.f95: cannot find g95 enpey OpenBSD Packages and Ports 8 27th August 2008 12:48 AM
pkg_add error buba OpenBSD Packages and Ports 4 13th June 2008 03:29 PM


All times are GMT. The time now is 10:15 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick