Date: Sun, 13 Jun 2004 09:42:26 +0100 From: Steve O'Hara-Smith <steve@sohara.org> To: Haim Ashkenazi <haim@babysnakes.org> Cc: freebsd-stable@freebsd.org Subject: Re: keeping my freebsd secure... Message-ID: <20040613094226.3ed54c60.steve@sohara.org> In-Reply-To: <pan.2004.06.13.00.02.49.681547@babysnakes.org> References: <pan.2004.06.12.09.01.59.52173@babysnakes.org> <40CB2BC2.4070201@mac.com> <pan.2004.06.13.00.02.49.681547@babysnakes.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 13 Jun 2004 03:02:52 +0300 Haim Ashkenazi <haim@babysnakes.org> wrote: HA> this is another thing I'm confused about. if I stay with RELENG_4_10, HA> would I get security updates? does this also affect the ports? If you stay with RELENG_4_10 you will get *only* security updates to the base system. Upgrading the base system does nothing at all to the ports which are maintained separately and not branched. To upgrade the ports you have to update your ports tree (with cvsup) and use portupgrade or do it by hand which is no fun at all. There is no way of getting only security changes for the ports, mainly because the ports are really only canned build/install instructions for third party applications most of which do not separate security changes from feature changes and bug fixes. It would be nice if there were a set of tested reliable and secure open source applications available, maintaining such a set would be a major project in its own right. It would probably need a shadow CVS (or similar) repository for each application and enough skilled people to audit and test each and every change against an ever growing regression and security test suite. Such an effort would most likely lag behind the main development badly and/or generate forks. The alternative, and current practice, is to depend on the main development teams of each application to do the best they can and track their releases. -- C:>WIN | Solar Thermal Systems The computer obeys and wins. | http://www.soleire.com/ You lose and Bill collects. | Directable Mirror Arrays | http://www.sohara.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040613094226.3ed54c60.steve>