From owner-freebsd-stable@FreeBSD.ORG Mon May 22 10:24:41 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1196E16A4D3 for ; Mon, 22 May 2006 10:24:41 +0000 (UTC) (envelope-from amon@sockar.homeip.net) Received: from sockar.homeip.net (tourist.net8.nerim.net [213.41.176.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 67F4143D6D for ; Mon, 22 May 2006 10:24:40 +0000 (GMT) (envelope-from amon@sockar.homeip.net) Received: from sockar.homeip.net (localhost [127.0.0.1]) by sockar.homeip.net (8.13.4/8.13.3) with ESMTP id k4MALxfV003082 for ; Mon, 22 May 2006 12:21:59 +0200 (CEST) (envelope-from amon@sockar.homeip.net) Received: (from amon@localhost) by sockar.homeip.net (8.13.4/8.13.3/Submit) id k4MALxcq003081 for freebsd-stable@freebsd.org; Mon, 22 May 2006 12:21:59 +0200 (CEST) (envelope-from amon) Date: Mon, 22 May 2006 12:21:59 +0200 From: Herve Boulouis To: freebsd-stable@freebsd.org Message-ID: <20060522102159.GI56143@ra.aabs> References: <20060522094305.GA70157@lpthe.jussieu.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=unknown-8bit Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20060522094305.GA70157@lpthe.jussieu.fr> User-Agent: Mutt/1.4.2.1i Subject: Re: FreeBSD Security Survey X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 May 2006 10:24:43 -0000 Le 22/05/2006 11:43, Michel Talon a écrit: > > OpenBSD doesn't have next to 15000 ports. In my opinion, this richness is > one of the main assets of FreeBSD, and by necessity implies a great difficulty > to maintain everything in a coherent and secure state. You have only to > contemplate the years it took to release Debian Sarge to convince yourself. > Personnally i am quite pleased with the present state of the FreeBSD ports, > i think it is in a much better state than a couple of years before, and > for my own use, security is a very secondary issue. People who have machines > exposed on the internet usually have a small number of ports installed, and > can maintain them in the latest secure version. I have around 600 ports > installed on my 6.1 machine, which will certainly grow in time, and no > intention whatsoever to run portupgrade on that. I completely agree with Michel. The question that I think is missing from the survey is the usage you do of your freebsd installation. All production servers I have (50) use few ports and upgrades (security related or not) are always done by hand. On the other side, I nearly always use precompiled packages on my workstation to save compile time and dependencies headaches. -- Herve Boulouis