http://www.daemonology.net/freebsd-update/ Binary Security Updates for FreeBSD FreeBSD Update is a system for automatically building,distributing,fetching, and applying binary security updates for FreeBSD. This makes it possible to easily track the FreeBSD security branches without the need for fetching the source tree and recompiling (except on the machine building the updates, of course). Updates are cryptographically signed; they are also distributed as binary diffs using my binary diff tool, which dramatically reduces the bandwidth used. FreeBSD Update is designed for updating systems which have started with a binary install of an official FreeBSD RELEASE, and which have not had any files recompiled locally. Prior to FreeBSD Update 1.4, if any files have been modified (or recompiled) locally, they will be silently ignored. They will not be updated. If you have recompiled any part of the FreeBSD world locally, make sure you're not running a pre-1.4 version of FreeBSD Update. FreeBSD Update 1.4 will complain about files which have been locally modified. It still can't update them; but it will print a warning message to alert you to the fact that those files may have security issues which FreeBSD Update is not patching. FreeBSD Update 1.5 adds support for updating systems which have had files recompiled locally. To use this, you must know which "distribution branch" your system has; on FreeBSD 4.x, these are "crypto", "nocrypto", "krb4", and "krb5". These correspond to the default, NOCRYPT, MAKE_KERBEROS4, and MAKE_KERBEROS5 options in make.conf. Read the included manual page for details about how to use this option. Be aware that FreeBSD Update cannot distinguish between intentionally modified files and those which have merely been recompiled. If you use this option, make sure you read the list of files shown before installing them. Version 1.4.1 of the server (update building) code is available here with MD5 hash 4979f33f1d4509fe739b0c5022c3f91b. Version 1.5 of the client (update fetching and applying) code is available from the FreeBSD ports tree as security/freebsd-update. I used to have a link to the tarball here, but lots of people managed to install it wrong; so I'm not going to link to it. The ports tree will set it up properly; take adavantage of it. (If you just want to look at the code, rather than wanting to install it... go look in the ports tree.) At present, I am building updates for 4.7-RELEASE, 4.8-RELEASE and 4.9-RELEASE. Thanks to generous donations from BSD Mall, a large number of slashdot.jp readers, and a number of other people, I now have a system with which I will be building updates for 5.0-RELEASE, 5.1-RELEASE, and 5.2-RELEASE very soon. (I've been waiting for -CURRENT to stabilize a bit.) If you find this service helpful, please consider donating to support this (and its graduate student maintainer.) I presented a paper about this at BSDCon'03; the paper is available here in postscript, pdf, and HTML formats. My presentation slides are available in PowerPoint format. For the insatiably curious, I have some usage statistics available.