Date: Sun, 08 Dec 2002 13:59:02 -0800 From: Wes Peters <wes@softweyr.com> To: Aristedes Maniatis <ari@ish.com.au> Cc: dmagda@ee.ryerson.ca, Mike Hoskins <mike@adept.org>, freebsd-stable@FreeBSD.ORG Subject: Re: update strategies Message-ID: <3DF3C0A6.41041867@softweyr.com> References: <2E37135F-0AB4-11D7-B2B7-003065A9024A@ish.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Aristedes Maniatis wrote:
>
> OK. This is where I get confused. I thought that the point of putting
> these applications into the base FreeBSD distribution was that they
> need to be tightly integrated into the OS.
Not in the case of BIND (and Sendmail, for example). Ther were integrated
with the system because "it was always done that way before".
> I understand that this is
> critical for basic system tools like "adduser". It appears this makes
> it important to build the whole distribution together (buildworld) and
> not get one tool out of sync with the rest.
>
> But if this is not the case, and we are supposed to build portions of
> the /usr/src/ without rebuilding the whole thing, why aren't these
> tools in /usr/ports?
See the mailing list archives for YEARS of discussion on this exact
same topic. The best answer you'll probably find in your research is
because FreeBSD needs SOME sort of resolver library, name services, and
even a network mailer to be generally considered functional, and it was
a lot easier to leave BIND and Sendmail in the distribution than to
adapt sysinstall to forcefully make the average installer choose one of
each.
Yes, this is pretty lame reason. If you're ready to step up to the plate
and do the sysinstall work to overcome this lameness, you'll be welcomed
with open arms.
> I'm new here, so I'm not telling you how to suck eggs. Perhaps there
> are historical reasons for this hierarchy. But I want to make sure I do
> the right thing. Is this the safest approach:
>
> * install ports for named, ssh, etc.
> * disable the base FreeBSD distributions of these tools
> * use cvsup to update these tools whenever I need to because of
> security/bugs/features
> * use cvsup to update base FreeBSD (src-all) for each tagged release
> (every 3 months or sooner in case of problems). Or less often if the
> update doesn't look important. Then buildworld to build a consistent
> FreeBSD release.
Close. Replace the latter with "follow the FreeBSD security advisories
and update both ports and system sources as advised."
Be warned that when security advisories come in to the FreeBSD security
team, they are most likely to focus on getting fixes into the "base"
system, then into ports as needed. If you can offer assistance to the
port maintainers for critical infrastructure pieces like name servers
and/or mailers, that will be welcomed as well.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DF3C0A6.41041867>