From: Michel Talon
To: freebsd-stable@freebsd.org
Date: Mon, 22 May 2006 11:43:05 +0200
Subject: Re: FreeBSD Security Survey

>> ports tree in the process, the end result is a bit more undefined. One
>> thing that I wish for is that the ports tree would branch for releases,
>> and that those branches would get security updates. I know that this
>> would involve an exponentially larger amount of effort from the ports
>> team, and I don't fault them for not doing it. Still, it would be nice
>> to have.
>
>Yes, totally agree.
>That's the way OpenBSD ports tree works and it worked very well for me.
>Thus not to say FreeBSD's one didn't, but it takes a lot more attention,
>which isn't always a bad thing ;)

OpenBSD doesn't have next to 15000 ports. In my opinion, this richness is
one of the main assets of FreeBSD, and by necessity implies a great
difficulty to maintain everything in a coherent and secure state. You have
only to contemplate the years it took to release Debian Sarge to convince
yourself. Personally I am quite pleased with the present state of the
FreeBSD ports, I think it is in a much better state than a couple of years
before, and for my own use, security is a very secondary issue. People who
have machines exposed on the internet usually have a small number of ports
installed, and can maintain them in the latest secure version. I have
around 600 ports installed on my 6.1 machine, which will certainly grow in
time, and no intention whatsoever to run portupgrade on that.

-- 
Michel TALON