From owner-freebsd-questions@FreeBSD.ORG Sun Dec 7 17:39:10 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8FF0E1065675 for ; Sun, 7 Dec 2008 17:39:10 +0000 (UTC) (envelope-from nino80@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.178]) by mx1.freebsd.org (Postfix) with ESMTP id 622268FC0C for ; Sun, 7 Dec 2008 17:39:10 +0000 (UTC) (envelope-from nino80@gmail.com) Received: by wa-out-1112.google.com with SMTP id m34so372181wag.27 for ; Sun, 07 Dec 2008 09:39:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=dQQtbbNfAxOweOzK9HLZlSTGc2mQoPOEGldHtLrB0m0=; b=lh1fIg/W2a2smbz7xr7Odno1SenRTDVjtB57a7x+b1+cBXXnVZjiWWk0h6KEmON51c iZPj5cgZfzwTrp8gzNM0RXzVNg8Itn+3PGYQHaGhcBu5AO4yYF9RAcsGN3II4w5KgcPz +bFAqPRGfJI/nwYdlBnrPo2XV6F2iBVvyaz3c= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=kjFYnJSAn3SBklhrXNuWFb1U5hEDWfY4LmyLf1hoVt0XB2eH4ijuEqdbYqfbuMdHKQ G6fVTMTpd8iLM28hmeqvAe2KzwHzQNBtXQWlWtz5zjxJa0z7wTQlT5avu7X7NV4R8DBH 2ZrR1ZuExvHVTXBkpTSAX3ckU+PyvANyZgZ3E= Received: by 10.114.192.17 with SMTP id p17mr1734558waf.196.1228671549964; Sun, 07 Dec 2008 09:39:09 -0800 (PST) Received: by 10.114.107.20 with HTTP; Sun, 7 Dec 2008 09:39:09 -0800 (PST) Message-ID: <92bcbda50812070939v59afe196od1c8b6489b5a0d6c@mail.gmail.com> Date: Sun, 7 Dec 2008 18:39:09 +0100 From: "n j" To: freebsd-questions@freebsd.org In-Reply-To: <200812012304.56334.beech@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200812012304.56334.beech@freebsd.org> Subject: Re: [freebsd-questions] Looking @ upgrades mechanisms... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Dec 2008 17:39:10 -0000 > versions. The packages for a particular branch tend to lag the updates by up > to a couple of weeks although they are built continually. If you want to stay > really up to date you need to keep your tree updated with portsnap or csup > (part of the base system) and compile them yourself. Another advantage to > compiling is you can choose options. The packages are always built with > default options which is generally OK, but not always optimal. On a discussion note, wouldn't it be nice (and quite possible based on the frequency of vulnerability reports on vuxml) to have a sort of "security" branch for pre-built packages? What I mean is, if you use -RELEASE package repository, you get the benefit of a large number of pre-built packages at a cost of them not being up to date. On the other hand, building all the packages all the time (i.e. using -STABLE repository) results in the mentioned couple of weeks lag, probably due to the sheer number of ports available. So, it would be nice to have a sort of -SECURITY branch (much like it existed before freebsd-update became part of base system) and make a dedicated package repository where only packages with reported vulnerabilities in vuxml would get (promptly and regularly) rebuilt thus giving people options of doing binary up-to-date upgrading without inflicting too much load on the package building machines. Thoughts anyone? -- Nino