Subject: Re: Welcome flavors! portmaster now dead? synth?
To: Steven Hartland
Cc: freebsd-ports@freebsd.org, Adam Weinberger
From: Michelle Sullivan
Date: Tue, 05 Dec 2017 15:51:35 +1100

Steven Hartland wrote:
> On Mon, 4 Dec 2017 at 03:02, Michelle Sullivan wrote:
>
>> You mean if you're not into security or part of a security company stay
>> on quarterly, but if you need to keep patched up because you are in the
>> top 100 of most attacked sites/companies in the world, deploy a team of
>> people to patch security issues and run your own ports tree because
>> breakage on HEAD is often and when you need it the least and quarterly
>> doesn't guarantee it'll even work/compile and nearly never gets security
>> patches.
>>
>>
>> Sorry, but that's the truth of it and the reason I no longer use FreeBSD
>> or the Ports tree, instead using a derivative of each which is a lot
>> more stable and patched against security issues within hours of them
>> being identified.
>
> This has not been our experience here, we’ve run our own ports tree from
> HEAD for many years and while we’ve had some internal patches that need
> fixing on update, that's always been down to us not keeping them up to date
> with changes.

We were using HEAD, not a local copy that we could put patches in (that
was the issue - we'd submit patches up and find them not applied for
months in some cases.)
>
> Sure we could have got lucky but it does mean that such a blanket statement
> is not valid for everyone’s use case.

I think you'll find using HEAD (as in the raw HEAD) not just a local
copy with local patches it probably does ring true a lot - that said,
didn't really bite me badly until the decision to force user changes by
breaking the existing system (for me that was pkg_* -> pkgng) for
others.. well they can say if they dare to chip in.

>
> I’m not sure if it’s possible but if you’re already allocating resources to
> help handle security patches could that not be something that the wider
> user base could benefit from via helping the secteam, if it's turnaround
> time on security patches you’re highlighting as an issue here?
>

Not working on FreeBSD now, the team deals with all in house OSes,
FreeBSD is not deployed here anymore except on legacy machines that are
being replaced (and I'm surprised there are any left now.)

Michelle