Date: Tue, 5 Dec 2017 09:22:28 +0000 From: Steven Hartland <killing@multiplay.co.uk> To: Michelle Sullivan <michelle@sorbs.net> Cc: freebsd-ports@freebsd.org, Adam Weinberger <adamw@adamw.org> Subject: Re: Welcome flavors! portmaster now dead? synth? Message-ID: <bb3b252f-3c17-ea50-0e05-ce4504239c3e@multiplay.co.uk> In-Reply-To: <5A2625D7.7080207@sorbs.net> References: <CAN6yY1ujLFdKpuG4Rxz%2Bfww9gAxTBaY14iCB7RFTkh-oVB1%2B9A@mail.gmail.com> <BN6PR2001MB1730A16025654AB7C452111B80390@BN6PR2001MB1730.namprd20.prod.outlook.com> <CAOc73CD9VnLKv8-jBNW1Uj05LnEFh6kkZFKNAxp-EG9YO_AUxA@mail.gmail.com> <1512211220.79413.1.camel@yandex.com> <BN6PR2001MB17309152A0FC3776781AB53B803E0@BN6PR2001MB1730.namprd20.prod.outlook.com> <20171202184356.GA980@lonesome.com> <b0e44e55-5fc9-af2a-22c8-bfa0d30c866f@columbus.rr.com> <20800E88-36EC-49C4-A281-EA6BAB212DBF@adamw.org> <5A246D28.2020007@sorbs.net> <6881393C-BCE0-4F3E-B5AA-FC2FF995628D@adamw.org> <5A24BA3E.1050507@sorbs.net> <CAHEMsqb1ZOsHxmD0RzbXDdN0AWQPHS1xZpDdSJYgBHo4HnC24g@mail.gmail.com> <5A2625D7.7080207@sorbs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/12/2017 04:51, Michelle Sullivan wrote: > Steven Hartland wrote: >> On Mon, 4 Dec 2017 at 03:02, Michelle Sullivan <michelle@sorbs.net> >> wrote: >> >>> You mean if you're not into security or part of a security company stay >>> on quarterly, but if you need to keep patched up because you are in the >>> top 100 of most attacked sites/companies in the world, deploy a team of >>> people to patch security issues and run your own ports tree because >>> breakage on HEAD is often and when you need it the least and quarterly >>> doesn't guarantee it'll even work/compile and nearly never gets >>> security >>> patches. >>> >>> >>> Sorry, but that's the truth of it and the reason I no longer use >>> FreeBSD >>> or the Ports tree, instead using a derivative of each which is a lot >>> more stable and patched against security issues within hours of them >>> being identified. >> >> This has not been our experience here, we’ve run our own ports tree from >> HEAD for many years and while we’ve had some internal patches that need >> fixing on update, thats always been down to us not keeping them up to >> date >> with changes. > > We were using HEAD, not a local copy that we could put patches in > (that was the issue - we'd submit patches up and find them not applied > for months in some cases.) That's really unfortunate and I don't think you're alone, bringing in more resources to ports something that needs to be worked on. >> >> Sure we could have got lucky but it does mean that such a blanket >> statement >> is not valid for everyone’s use case. > > I think you'll find using HEAD (as in the raw HEAD) not just a local > copy with local patches it probably does ring true a lot - that said, > didn't really bite me badly until the decision to force user changes > by breaking the existing system (for me that was pkg_* -> pkgng) for > others.. well they can say if they dare to chip in. pkg -> pkgng was a little bit bumpy at the start but the results have been very much worth it. > >> >> I’m not sure if it’s possible but if you’re already allocating >> resources to >> help handle security patches could that not be something that the wider >> user base could benefit from via helping the secteam, if its turnaround >> time on security patches you’re highlighting as an issue here? >> > > Not working on FreeBSD now, the team deals with all in house OSes, > FreeBSD is not deployed here anymore except on legacy machines that > are being replaced (and I'm surprised there are any left now.) > Sorry to hear that.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bb3b252f-3c17-ea50-0e05-ce4504239c3e>