From owner-freebsd-ports@freebsd.org Tue Dec 5 09:22:32 2017 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7B65EDFE9FF for ; Tue, 5 Dec 2017 09:22:32 +0000 (UTC) (envelope-from killing@multiplay.co.uk) Received: from mail-wm0-x241.google.com (mail-wm0-x241.google.com [IPv6:2a00:1450:400c:c09::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F3895728F6 for ; Tue, 5 Dec 2017 09:22:31 +0000 (UTC) (envelope-from killing@multiplay.co.uk) Received: by mail-wm0-x241.google.com with SMTP id g130so18129416wme.0 for ; Tue, 05 Dec 2017 01:22:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=multiplay-co-uk.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=HDUmxshmAjDaHDpThNTWswAOktcQBs8PoQ1s0vBisXA=; b=cx4jWyymPVDDntXrTXlzcnsXG1b72teTgY8HKZxLzx2uJgARNYUplW5W8mHHQEToOs IbrZRYo2wbFca2pVlpHQgX9973YXy0Eki0g7G0uVFb09rQE8kkFi6tPMr01vMZGHNdXe +eMilgWEijfZST4MbfQKRjKqQJn0gYLuHIlFIb3Vs3hvPRkfnjksFG/L39/fhV4HUhio U1ZOJKjq2KUiJ9LYqFqEdRXg386RDI79D3mA6Cs10o8ovhMgrG07JB4XTz1jB/bJmO1m tuxe1YcHbNrHs9+VB0bmMHFKgzxFaZpc8Xc7wmstI3uqSi+AQLljsE8IBo0cMFz+dUf3 ywtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=HDUmxshmAjDaHDpThNTWswAOktcQBs8PoQ1s0vBisXA=; b=XUK6aRmjhkV9DarBOQltavpAoXhw5TSrMMw8hy2za0S4W2qn6kCeINHbu1BM5KygiO daS52ijxqyNqIisjEEeDumMJ/O631N9C97AqWX5GajY1vfgKNziePgjEYbH044VIYoHt Gq4vPXqm2RxyIUzyC+Wk/KvvbbYTQMUcxKBQ/6smR6XLuSA8lmsk3OkcRMmlsxwmMVnW 8fL+4L1r8uWstVFEoujT7JMpdsztJpOIle6kQkP3Q8tX74W20SG29OZjHIX69RiJ82TR 8TohvFIz6/xT9e67Ggi/eDc6rSRdzAsFo/3BvE7F6re/XSQhU4dLO2tChxx18toIaUSN 3GdQ== X-Gm-Message-State: AKGB3mJAAh2fIJ8Ludisp7RabrxGhtqY8VChpgG2HnbdMYT/kwHkXu/K DHJHE5metQ9XXgzJEsBf3yBt8B2EdfU= X-Google-Smtp-Source: AGs4zMZgsrYlHMTJvgt644swqHUYogjgySe203Ic/koqRu6TURRnhafpCiPgkZYLrFMMW0ZArXWmFA== X-Received: by 10.28.191.132 with SMTP id o4mr4961027wmi.157.1512465750407; Tue, 05 Dec 2017 01:22:30 -0800 (PST) Received: from [10.10.1.111] ([185.97.61.1]) by smtp.gmail.com with ESMTPSA id i65sm7003248wme.20.2017.12.05.01.22.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Dec 2017 01:22:29 -0800 (PST) Subject: Re: Welcome flavors! portmaster now dead? synth? To: Michelle Sullivan Cc: freebsd-ports@freebsd.org, Adam Weinberger References: <1512211220.79413.1.camel@yandex.com> <20171202184356.GA980@lonesome.com> <20800E88-36EC-49C4-A281-EA6BAB212DBF@adamw.org> <5A246D28.2020007@sorbs.net> <6881393C-BCE0-4F3E-B5AA-FC2FF995628D@adamw.org> <5A24BA3E.1050507@sorbs.net> <5A2625D7.7080207@sorbs.net> From: Steven Hartland Message-ID: Date: Tue, 5 Dec 2017 09:22:28 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <5A2625D7.7080207@sorbs.net> Content-Language: en-US Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Dec 2017 09:22:32 -0000 On 05/12/2017 04:51, Michelle Sullivan wrote: > Steven Hartland wrote: >> On Mon, 4 Dec 2017 at 03:02, Michelle Sullivan >> wrote: >> >>> You mean if you're not into security or part of a security company stay >>> on quarterly, but if you need to keep patched up because you are in the >>> top 100 of most attacked sites/companies in the world, deploy a team of >>> people to patch security issues and run your own ports tree because >>> breakage on HEAD is often and when you need it the least and quarterly >>> doesn't guarantee it'll even work/compile and nearly never gets >>> security >>> patches. >>> >>> >>> Sorry, but that's the truth of it and the reason I no longer use >>> FreeBSD >>> or the Ports tree, instead using a derivative of each which is a lot >>> more stable and patched against security issues within hours of them >>> being identified. >> >> This has not been our experience here, we’ve run our own ports tree from >> HEAD for many years and while we’ve had some internal patches that need >> fixing on update, thats always been down to us not keeping them up to >> date >> with changes. > > We were using HEAD, not a local copy that we could put patches in > (that was the issue - we'd submit patches up and find them not applied > for months in some cases.) That's really unfortunate and I don't think you're alone, bringing in more resources to ports something that needs to be worked on. >> >> Sure we could have got lucky but it does mean that such a blanket >> statement >> is not valid for everyone’s use case. > > I think you'll find using HEAD (as in the raw HEAD) not just a local > copy with local patches it probably does ring true a lot - that said, > didn't really bite me badly until the decision to force user changes > by breaking the existing system (for me that was pkg_* -> pkgng) for > others.. well they can say if they dare to chip in. pkg -> pkgng was a little bit bumpy at the start but the results have been very much worth it. > >> >> I’m not sure if it’s possible but if you’re already allocating >> resources to >> help handle security patches could that not be something that the wider >> user base could benefit from via helping the secteam, if its turnaround >> time on security patches you’re highlighting as an issue here? >> > > Not working on FreeBSD now, the team deals with all in house OSes, > FreeBSD is not deployed here anymore except on legacy machines that > are being replaced (and I'm surprised there are any left now.) > Sorry to hear that.