From owner-freebsd-stable@FreeBSD.ORG Mon Jun 11 23:42:32 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 71FA3106567D for ; Mon, 11 Jun 2012 23:42:32 +0000 (UTC) (envelope-from dave@jetcafe.org) Received: from hugeraid.jetcafe.org (hugeraid.jetcafe.org [205.147.26.109]) by mx1.freebsd.org (Postfix) with ESMTP id ED9748FC0A for ; Mon, 11 Jun 2012 23:42:31 +0000 (UTC) Received: from hugeraid.jetcafe.org (localhost [127.0.0.1]) by hugeraid.jetcafe.org (8.13.8/8.13.8) with ESMTP id q5BNZGPT029709; Mon, 11 Jun 2012 16:35:16 -0700 (PDT) Message-Id: <201206112335.q5BNZGPT029709@hugeraid.jetcafe.org> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.0.4 To: Adam Strohl In-reply-to: <4FD3629B.9060106@ateamsystems.com> References: <20120604110339.GA9426@equilibrium.bsdes.net> <4FD2D4CC.3080109@ateamsystems.com> <4FD35F67.4020007@hm.net.br> <4FD3629B.9060106@ateamsystems.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 11 Jun 2012 16:35:16 -0700 From: Dave Hayes Cc: Steve Franks , H , freebsd-stable Subject: Re: Why Are You NOT Using FreeBSD ? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2012 23:42:32 -0000 Adam Strohl writes: > There in lies the question -- why do you need to compile a port which > was just released? Is it a security thing or is it "I want the latest" > ? I'm just curious (and totally uninterested in how this ranks in your > "worse question" list). If I weren't honorable, I'd consider this question a troll. It's so far afield from my daily reality...well I'm going to take this at face value, because maybe -I've- got something wrong. ;) Let's just consider Firefox, which has a rather aggressive release schedule (once a month). $ pkg_info -r firefox-10.0.3,1 | grep Dependency | wc -l 175 Look at some of these dependencies: $ pkg_info -r firefox-10.0.3,1 | grep Dependency | sort ... Dependency: cairo-1.10.2_3,1 ... Dependency: gtk-2.24.6 ... Dependency: libgnome-2.32.0 ... Dependency: perl-threaded-5.14.2_2 ... Dependency: python27-2.7.2_4 Basically, everytime you want to upgrade firefox to 'stay current', you are upgrading a fair number of heavyweight packages. The chances that these will change month to month are high. (In the interests of brevity I will leave the verification of this to interested parties). Any of the ports listed above can have dependencies and consequences that reach very far into your workflow. If you do not upgrade them, you risk that firefox breaks in unknown ways. This is a rock and a hard place...do you upgrade everything from scratch (safest, but the 48 hour downtime is not unreasonable) or do you try to just replace that one port (risky, but you'll likely be up in an hour)? For firefox, it might very well be a security thing that causes the upgrade. Note well that I am not running 12 (is it at 12 now? 13? urgh.) because I'm in development and I do not want to touch certain other ports. Do I have this wrong? Anyone see a problem with this picture? What can we do to "just upgrade" in a safe fashion when we want to? -- Dave Hayes - Consultant - Altadena CA, USA - dave@jetcafe.org >>> The opinions expressed above are entirely my own <<< The treasure house within you contains everything, and you are free to use it. You don't need to seek outside.