From owner-freebsd-ports@freebsd.org  Sat Jul  9 08:49:05 2016
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 35137B84976
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Sat,  9 Jul 2016 08:49:05 +0000 (UTC)
 (envelope-from michelle@sorbs.net)
Received: from hades.sorbs.net (mail.sorbs.net [67.231.146.200])
 by mx1.freebsd.org (Postfix) with ESMTP id 271591D26
 for <freebsd-ports@freebsd.org>; Sat,  9 Jul 2016 08:49:04 +0000 (UTC)
 (envelope-from michelle@sorbs.net)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII; format=flowed
Received: from isux.com (firewall.isux.com [213.165.190.213])
 by hades.sorbs.net
 (Oracle Communications Messaging Server 7.0.5.29.0 64bit (built Jul 9 2013))
 with ESMTPSA id <0OA100J6LI62N600@hades.sorbs.net> for
 freebsd-ports@freebsd.org; Sat, 09 Jul 2016 01:56:27 -0700 (PDT)
Subject: Re: base components should always be default (Re: change in default
 openssl coming)
To: Xin Li <delphij@delphij.net>, freebsd-ports@freebsd.org
References: <D13290234BD20864405FC0B2@atuin.in.mat.cc>
 <f146f327-67f8-2ecf-21a9-b348dbe614c2@aldan.algebra.com>
 <b4c87f59-fd30-19fd-5251-65c47720a0dc@gjunka.com>
 <541d8b69-b177-3ddf-8a2d-560e778001ca@delphij.net>
From: Michelle Sullivan <michelle@sorbs.net>
Message-id: <5780BA77.9090409@sorbs.net>
Date: Sat, 09 Jul 2016 10:48:55 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0)
 Gecko/20100101 Firefox/43.0 SeaMonkey/2.40
In-reply-to: <541d8b69-b177-3ddf-8a2d-560e778001ca@delphij.net>
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jul 2016 08:49:05 -0000

Xin Li wrote:
>
> On 7/8/16 12:20, Grzegorz Junka wrote:
>> The only reason I heard why base isn't updated with the proper package
>> from ports is because of security implications. Older versions are more
>> security-tested and therefore safer. If there is a vulnerability in the
>> base it's much more hassle to update the base than ports.
> Not necessarily safer -- for instance on FreeBSD 9.x the base system
> OpenSSL is EoL'ed by upstream, and therefore the security fixes are
> backported by secteam@ in a case-by-case manner.  Generally speaking,
> newer code is safer and supports newer standards, and we recommend ALL
> users who are still on FreeBSD 9.x to use port version of OpenSSL.
>
Did that a long time ago when I realised how FreeBSD actually supports 
the people using it instead of the developers.. not that it worries me 
now, shortly I won't have any FreeBSD hosts.

-- 
Michelle Sullivan
http://www.mhix.org/