# How often should I upgrade Gentoo

## farmer.ro

Hello!

I run Gentoo ~amd64 with XFCE, and every morning I update the system with emerge.

But to be honest I am sometimes a bit tired from updating daily, and I would like to know:

Of course I would like to stay up to date as much as possible to enhance the security, but updating every day seems a bit too much for me.

How often should I upgrade the software on a Gentoo ~amd64 system? Should I do it daily? Weekly? Once every two weeks?

----------

## fedeliallalinea

 *farmer.ro wrote:*   

> How often should I upgrade the software on a Gentoo ~amd64 system? Should I do it daily? Weekly? Once every two weeks?

 

There isn't a rule. I personally read the Atom feed for updated packages and then I decide if an update is needed.

----------

## axl

I use a daily cron script. emerge --sync; emerge -NuvD --with-bdeps=y @world and read the mails in the morning. If something went wrong I go and fix it. If not... then everything is ok.

----------

## NeddySeagoon

farmer.ro,

I run my own rsync server.  That updates daily at 3:00AM my time.

Unless there is anything urgent, or something new that I want to play with, I update my systems monthly.

I run all ~arch, on x86, arm, arm64 and amd64 and don't seem to get any nasty surprises.

I have let  the x86 and arm systems go for a year or more.  That's a very bad thing.

It will give you an advanced course in using portage.

----------

## ct85711

The main thing to remember is that the longer you wait in between updates, the more packages that may need to be updated.  As that list grows, higher potential of issues too.  I used to do daily, but I find I get the usual checksum mismatches regularly enough (usually fixed within a day) that it becomes more of a pest.  For me, I update my systems weekly to biweekly.

Like Neddy said, waiting up to a year or more on updating any Gentoo machine (stable or not) is a guaranteed mess, with the usual recommendation of reinstalling the system for simplest/quickest resolution.  Of course it is possible to update the machine, but it will be a difficult learning process (you will learn portage really well by the time you finish, from just trying to work the issues out).

----------

## Ant P.

Sync daily (because that's how often webrsync updates), read eix-diff/glsa-check output, update as necessary.

----------

## farmer.ro

So no need to update daily; if I update once a week, I will be fine?

----------

## NeddySeagoon

farmer.ro,

That will save you from the portage learning experience, yes.

----------

## Ant P.

If you can't decide when to update, do an emerge -DNputv @world. If it's longer than your screen, it's probably a good time to do it.

----------

## farmer.ro

The reason I ask how often I should update is because I run aide checks, and when portage upgrades packages on the system it seems to alter the aide.conf in a way that it becomes too much to inspect.

So when portage upgrades, I say, ok now aide changed, so that's fine, after run a new aide, and then it lasts until the next portage upgrade.

So if I upgrade portage daily then there is a lot of work and inspecting to do; if I upgrade once a week, the aide checks are more acceptable.

I will try to upgrade only once a week, let's say every Monday of the week, but I wonder if it will leave me more vulnerable to possible software exploits, due to not patching the software in time, but hey it's a week, would it really matter that much?

----------
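
One way to shrink the post-upgrade AIDE review described above, as an added example that is not part of any post in this thread: compare each path AIDE reports as changed against the checksums Portage recorded under `/var/db/pkg`. The one-path-per-line input, the function names and the demo tree are assumptions made for the example.

```shell
# Added example, not code from the thread. Input: changed paths, one absolute
# path per line (taken from your AIDE report). Portage's CONTENTS files record
# each installed file as: obj /path <md5> <mtime>

# build_index VDB: print "md5<TAB>path" for every file Portage recorded.
build_index() {
    find "$1" -name CONTENTS -type f -exec cat {} + |
    awk '$1 == "obj" && NF >= 4 {
        path = $2                       # paths may contain spaces
        for (i = 3; i <= NF - 2; i++) path = path " " $i
        print $(NF - 1) "\t" path
    }'
}

# classify_changes ROOT VDB < paths: print one verdict per changed path.
classify_changes() {
    index=$(mktemp) || return 1
    build_index "$2" > "$index"
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        want=$(awk -F '\t' -v p="$path" '$2 == p { print $1; exit }' "$index")
        if [ -z "$want" ]; then
            echo "UNOWNED  $path"       # no package installed this file
        elif [ ! -f "$1$path" ]; then
            echo "MISSING  $path"
        elif [ "$(md5sum < "$1$path" | cut -d ' ' -f 1)" = "$want" ]; then
            echo "PORTAGE  $path"       # identical to what the package installed
        else
            echo "MODIFIED $path"       # owned, but changed after installation
        fi
    done
    rm -f "$index"
}

# demo: constructed tree with one upgraded binary, one edited config, one stray path.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/root/usr/bin" "$t/root/etc" "$t/vdb/app-misc/demo-1.0"
    echo new > "$t/root/usr/bin/demo"; echo edited > "$t/root/etc/demo.conf"
    printf 'dir /usr/bin\nobj /usr/bin/demo %s 1700000000\nobj /etc/demo.conf %s 1700000000\n' \
        "$(md5sum < "$t/root/usr/bin/demo" | cut -d ' ' -f 1)" \
        d41d8cd98f00b204e9800998ecf8427e > "$t/vdb/app-misc/demo-1.0/CONTENTS"
    printf '%s\n' /usr/bin/demo /etc/demo.conf /usr/bin/stray | classify_changes "$t/root" "$t/vdb"
    rm -rf "$t"
}
demo
# Real system: classify_changes "" /var/db/pkg < changed-paths.txt | grep -v '^PORTAGE'
```

`MODIFIED` is normal for configuration files you edited yourself. The package database is itself writable by root, so this narrows what you need to inspect rather than replacing the AIDE baseline.

----------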

## toralf

 *Ant P. wrote:*   

> If you can't decide when to update, do an emerge -DNputv @world. If it's longer than your screen, it's probably a good time to do it.

 +1

----------

## fturco

I'm currently updating my Gentoo system daily, but I'm pondering switching to weekly updates instead.

----------

## Logicien

I think you must not sync Portage more than one time a day, otherwise you can be put on a blacklist that will disallow you to sync. I read something like this when I do emerge --sync.

----------

## russK

 *toralf wrote:*   

> *Ant P. wrote:*
>
> > If you can't decide when to update, do an emerge -DNputv @world. If it's longer than your screen, it's probably a good time to do it.
>
> +1

 

+1  

I like this because it suggests there need not be a rigid time table per se, it depends on how busy the devs have been.

Although if I'm checking with emerge --ask, I usually just say yes. And sure, I usually take a shower every day whether I need it or not.    :Laughing: 

----------

## szatox

 *Quote:*   

> I like this because it suggests there need not be a rigid time table per se, it depends on how busy the devs have been. 

 It's true, the timetable is not very rigid. I only had like a handful of packages updated over the last few months, and now it feels like the devs wanted to rebuild half of my @world  :Laughing: 

Anyway, the more often you update the easier it is. There is nothing wrong with weekly schedule. However, if you wait longer than a month, you will encounter some problems. You may be lucky once or twice, but don't get used to it working smoothly.

----------

## eccerr0r

I think if you really want to minimize portage updates you should:

emaint -a sync # or emerge --sync  # every week at minimum

glsa-check -l affected # this will give you a list of packages that have GentooLinuxSecurityAdvisories outstanding

eselect news list # see if there are any alerts that the Devs put out that may cause an update pain.  If you see any packages there that you use, it would be wise to update it, its dependencies, and config files related to it as soon as you can - else it may become a mess later.

Doing this minimum is going to get you into trouble later, but at least it keeps you secure.

Also not running ~amd64 ~x86, etc., helps with the churn.  Minimizing your per package USE flags or trying to just use the defaults may help.

It's a cost of running latest and having per-package/group of packages customization. 

I try to do my updates at least weekly for my outward facing servers (mainly checking for service daemon updates like sshd, httpd, sendmail, etc.).  The internal machines that are firewalled I treat less rigorously...

On a side note, anyone know anyone who has been blacklisted?  I kind of fear getting blacklisted on "sites" that I didn't set up a portage rsync mirror - I do wonder if there are like 4 machines behind a NAT are rsyncing once a week but all four rsync on the same day.  This will look like one machine rsyncing four times that day and thus isn't playing nicely...

----------
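
The two signals suggested in this thread (outstanding GLSAs, and a pretend list longer than the screen) combined into one triage script, as an added example that is not from any poster: it reports which pending updates are named by an outstanding advisory. The line shapes it parses, the function names and the sample data are assumptions.

```shell
# Added example, not code from the thread. The line shapes parsed here are
# assumptions about uncoloured tool output; compare with your own system.

# glsa_packages: category/package names from advisories flagged [N].
# Assumed shape: "209901-01 [N] Title ( cat/pkg cat/pkg2 )"
glsa_packages() {
    sed -En 's/^[0-9]{6}-[0-9]+ \[N\] .*\( (.*) \)[[:space:]]*$/\1/p' |
    tr ' ' '\n' | grep '/' | sort -u
}

# pending_packages: category/package names from `emerge -p` output, version
# stripped. Assumed shape: "[ebuild     U  ] cat/pkg-1.2-r1::gentoo [1.1] ..."
pending_packages() {
    sed -En 's/^\[(ebuild|binary)[^]]*\] *([^ :]+).*/\2/p' |
    sed -E 's/-[0-9][^-]*(-r[0-9]+)?$//' | sort -u
}

# triage GLSA_FILE PRETEND_FILE SCREEN_ROWS: print one verdict line.
triage() {
    names=$(mktemp) || return 1
    glsa_packages < "$1" > "$names"
    total=$(pending_packages < "$2" | wc -l | tr -d ' ')
    urgent=$(pending_packages < "$2" | grep -Fxf "$names" || true)
    rm -f "$names"
    if [ -n "$urgent" ]; then
        echo "update-now: pending security fixes:" $urgent
    elif [ "$total" -gt "$3" ]; then
        echo "update-now: $total pending packages exceed $3 screen rows"
    else
        echo "wait: $total pending packages, none named by a GLSA"
    fi
}

# demo ROWS: run triage on constructed sample output (IDs and packages are made up).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '209901-01 [N] Examplelib: Multiple vulnerabilities ( dev-libs/examplelib )' \
        '209901-02 [U] Other: Denial of service ( net-misc/other )' > "$d/glsa"
    printf '%s\n' '[ebuild     U  ] dev-libs/examplelib-3.0.13-r2::gentoo [3.0.12::gentoo] 0 KiB' \
        '[ebuild     U  ] app-misc/demo-tool-1.4::gentoo [1.3::gentoo] 0 KiB' \
        '[ebuild  N     ] net-misc/other-2.0_p1::gentoo 0 KiB' > "$d/pretend"
    triage "$d/glsa" "$d/pretend" "$1"
    rm -rf "$d"
}
demo 24
# Real use: glsa-check -l affected > glsa.txt; emerge -DNputv @world > pretend.txt
#           triage glsa.txt pretend.txt "${LINES:-24}"
```

An outstanding GLSA can also concern a package that has no update pending in this list, so keep reading the full `glsa-check -l affected` output as well.

----------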

## szatox

 *Quote:*   

> if there are like 4 machines behind a NAT are rsyncing once a week but all four rsync on the same day. 

 Why not simply put the whole /usr/portage on an NFS share accessible to all those machines?

Sync once, download sources once. Bonus: build once and then install binary packages on the other machines, as long as they are similar. Emerge will build binpkg if you request it and use binpkg if you allow it (and flags do match)

----------

## eccerr0r

Main reason: because I can't control the power of each of the machines, there is not one of the machines that I can depend on being on at any time...

Plus the USE flags are different.

My home set of machines I do have a true 'server' and that has a full rsync mirror for portage.  While NFS is an option, sometimes I disconnect the cable and I'd rather sync to my server than wait for NFS timeout when something screws up.

----------

