From owner-freebsd-stable@FreeBSD.ORG Mon May 22 10:02:43 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDA8F16A422 for ; Mon, 22 May 2006 10:02:43 +0000 (UTC) (envelope-from matthias.andree@gmx.de) Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 0FC8C43D45 for ; Mon, 22 May 2006 10:02:42 +0000 (GMT) (envelope-from matthias.andree@gmx.de) Received: (qmail invoked by alias); 22 May 2006 10:02:38 -0000 Received: from p50911DCF.dip0.t-ipconnect.de (EHLO m2a2.dyndns.org) [80.145.29.207] by mail.gmx.net (mp038) with SMTP; 22 May 2006 12:02:38 +0200 X-Authenticated: #428038 Received: from localhost (localhost [127.0.0.1]) by merlin.emma.line.org (Postfix) with ESMTP id F18282006BF for ; Mon, 22 May 2006 12:02:16 +0200 (CEST) Received: from m2a2.dyndns.org ([127.0.0.1]) by localhost (m2a2.dyndns.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12751-17 for ; Mon, 22 May 2006 12:02:15 +0200 (CEST) Received: by merlin.emma.line.org (Postfix, from userid 500) id 06152200B91; Mon, 22 May 2006 12:02:15 +0200 (CEST) From: Matthias Andree To: freebsd-stable@freebsd.org In-Reply-To: <44714FBB.4000603@samsco.org> (Scott Long's message of "Sun, 21 May 2006 23:44:27 -0600") References: <4471361B.5060208@freebsd.org> <20060521231657.O6063@abigail.angeltread.org> <44714FBB.4000603@samsco.org> X-PGP-Key: http://home.pages.de/~mandree/keys/GPGKEY.asc Date: Mon, 22 May 2006 12:02:14 +0200 Message-ID: User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: amavisd-new at emma.line.org X-Y-GMX-Trusted: 0 Subject: Re: FreeBSD Security Survey X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 May 2006 10:02:44 -0000 Scott Long writes: > I share this frustration with you. I was once told that the pain in > upgrading is due largely to a somewhat invisible difference between > installing a pre-compiled package, and building+installing a port. In > theory, if you stick to one method or the other, things will stay mostly > consistent. But if you mix them, and particularly if you update the > ports tree in the process, the end result is a bit more undefined. One > thing that I wish for is that the ports tree would branch for releases, > and that those branches would get security updates. I know that this > would involve an exponentially larger amount of effort from the ports > team, and I don't fault them for not doing it. Still, it would be nice > to have. Speaking as a port maintainer, if these branches would allow to just "MFC" updates from HEAD that are proven and meet dependency requirements for the new version, I think I'd be able to handle this. The major ports for concern I maintain (db3* db4*) have forked minor versions for compatibility anyways. If it's a "bugfix only" policy that may involve ripping out the minimum fix out of a larger patch set, it'll pretty much be a non-starter for me unless someone funds that work. -- Matthias Andree