FreeBSD update/upgrade system/packages. Looking for advice.

[khuman]

Hi, everyone!
I'm looking for best practices. For example, we have couple (20+) FreeBSD servers in Internet. They're working in different roles.
Can community share experience in topic? So, some questions:
1) How do you do update system to new versions? Binary or rebuild world.
2) How do you prefer to upgrade packages? pkg upgrade or portmaster.
3) How often do you upgrade packages? As soon as possible after received vulnerability report or else...
4) Are you upgrading package automatically or manual? If automatically, which tool/technology do you use?

 

[SirDice]

1) freebsd-update(8). This can be proxied through a caching proxy.
2) pkg(8), I've set up my own repositories with ports-mgmt/poudriere
3) Weekly
4) Manual, I have more control. I need to bring services down in a controlled way and switch fail-overs. In order not to interrupt production.
5) (not asked) We use Puppet for centralized configuration management.