# Upgrade best practices on FreeBSD



## larynx (Mar 26, 2015)

I'm new to the FreeBSD world (moving from Debian recently). I set up a DigitalOcean VPS running FreeBSD 10.1 and I wanted to ask a question regarding package management.

I run a few websites on the VPS using nginx and MySQL. A cron job runs nightly, checking for vulnerabilities in the installed packages by executing `pkg audit -F` and `pkg audit -r`. So far I've only been upgrading if any vulnerabilities are found and whenever a FreeBSD core update is released (recently upgrading to 10.1-RELEASE-p8 due to an OpenSSL issue).

I wanted to know if that is the correct way to upgrade a FreeBSD machine, or whether I should upgrade whenever new packages are released even though I don't have any features I require in the new versions.

I searched around and couldn't find a good answer for this.

Thanks


----------



## protocelt (Mar 26, 2015)

Hi,

It looks like you're doing everything right to me. If your installed ports/packages and base system are updated to cover security vulnerabilities, and you're running a supported release, there is little need to update. Keep in mind, however, that when you do choose to update your ports/packages it's a good idea to install all available updates, or you'll get into a situation where application and/or library dependencies can become out of sync and cause problems down the line. If you haven't already, please check out the FreeBSD Handbook. It has a wealth of helpful information for new and current users alike.


----------



## Deleted member 9563 (Mar 26, 2015)

I did an upgrade a little while ago, but after running `pkg audit -F` it showed multiple vulnerabilities and finished with

```
8 problem(s) in the installed packages found.
```
So I did another upgrade, rebooted, and ran `pkg audit -F` again. The result was the same response as before. Is there something else I should do, or is this just how it goes?


----------



## protocelt (Mar 26, 2015)

OJ said:


> I did an upgrade a little while ago, but after running `pkg audit -F` it showed multiple vulnerabilities and finished with
> 
> 
> 
> ...


AFAIK the FreeBSD packages are built and the repository is only updated once per week. The offending package(s) may not have an update available yet.


----------



## larynx (Mar 26, 2015)

protocelt said:


> Hi,
> 
> It looks like you're doing everything right to me. If your installed ports/packages and base system are updated to cover security vulnerabilities, and you're running a supported release, there is little need to update. Keep in mind, however, that when you do choose to update your ports/packages it's a good idea to install all available updates, or you'll get into a situation where application and/or library dependencies can become out of sync and cause problems down the line. If you haven't already, please check out the FreeBSD Handbook. It has a wealth of helpful information for new and current users alike.



Thanks. I've been reading the handbook since I started, as a lot of search results end up at it.


----------



## junovitch@ (Mar 27, 2015)

protocelt said:


> AFAIK the FreeBSD packages are built and the repository is only updated once per week. The offending package(s) may not have an update available yet.



That's still the case. You can check for yourself, as the FreeBSD Poudriere is available via the web; here's the amd64 one at http://beefy2.isc.freebsd.org/.


----------
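
An added example (not posted by anyone in this thread): a small sh script that separates the two cases discussed above, vulnerable packages that `pkg upgrade` can fix now versus ones still waiting on a repository build. The `classify` and `demo` names and the sample package lists are constructed; the live mode assumes `pkg audit` prints `<name-version> is vulnerable:` lines and that `pkg version -Rl '<'` lists outdated packages with the installed name-version in the first column.

```shell
#!/bin/sh
# Triage `pkg audit` findings: which vulnerable packages can be fixed by
# `pkg upgrade` right now, and which are still waiting on a repository build.

# classify VULN_LIST OUTDATED_LIST
# Both arguments are newline-separated installed name-version strings.
# Prints one line per vulnerable package:
#   "fixable <pkg>"  the repository already offers a newer version
#   "waiting <pkg>"  no newer build in the repository yet
classify() {
    printf '%s\n' "$1" | while IFS= read -r p; do
        [ -n "$p" ] || continue              # skip blank lines
        if printf '%s\n' "$2" | grep -Fxq -- "$p"; then
            echo "fixable $p"
        else
            echo "waiting $p"
        fi
    done
}

# Constructed sample data (not taken from the thread).
SAMPLE_VULN='openssl-1.0.1_17
curl-7.40.0
php56-5.6.6'
SAMPLE_OUTDATED='curl-7.40.0
nginx-1.6.2,2'

# Offline demonstration on the constructed lists above.
demo() { classify "$SAMPLE_VULN" "$SAMPLE_OUTDATED"; }

# On a FreeBSD host, run this script with the argument "live".
# Assumed output formats (verify against your pkg version first):
#   pkg audit -F         -> "<name-version> is vulnerable:" per finding
#   pkg version -Rl '<'  -> "<name-version>   <" per outdated package
if [ "${1:-}" = "live" ]; then
    vuln=$(pkg audit -F | awk '/ is vulnerable:$/ {print $1}' | sort -u)
    outdated=$(pkg version -Rl '<' | awk '{print $1}')
    classify "$vuln" "$outdated"
fi
```

A "fixable" result only means a newer build exists; rerun `pkg audit -F` after upgrading to confirm the new version is no longer flagged.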

