Date: Mon, 22 May 2006 11:40:16 +0200 From: Marian Hettwer <MH@kernel32.de> To: Scott Long <scottl@samsco.org> Cc: freebsd security <freebsd-security@freebsd.org>, FreeBSD Stable <freebsd-stable@freebsd.org>, Colin Percival <cperciva@freebsd.org>, Brent Casavant <b.j.casavant@ieee.org> Subject: Re: FreeBSD Security Survey Message-ID: <44718700.2060102@kernel32.de> In-Reply-To: <44714FBB.4000603@samsco.org> References: <4471361B.5060208@freebsd.org> <20060521231657.O6063@abigail.angeltread.org> <44714FBB.4000603@samsco.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, Scott Long wrote: > Brent Casavant wrote: > >> While I find ports to be the single most useful feature of the FreeBSD >> experience, and can't thank contributors enough for the efforts, I on >> the other hand find updating my installed ports collection (for security >> reasons or otherwise) to be quite painful. I typically use portupgrade >> to perform this task. On several occasions I got "bit" by doing a >> portupgrade which wasn't able to completely upgrade all dependencies >> (particularly when X, GUI's, and desktops are in the mix -- though I >> always follow the special Gnome upgrade methods when appropriate). >> Like Scott pointed out below, stick with either building from source, or using packages. Mixing them may have strange side effects. To give an example. I usually use portupgrade without using packages. But last time I needed to update my ports (on a production server, though private not corporate server), I used portupgrade -P (to use packages if available). It updated php, using packages, but unluckily the packages were built against apache13. I'm using apache20, so my php installation was trashed. Argh. But even more painful is the fact that portupgrade _always_ fails on some perl modules. Usually p5-XML-Parser. I don't know why, but it's annoying... > ports tree in the process, the end result is a bit more undefined. One > thing that I wish for is that the ports tree would branch for releases, > and that those branches would get security updates. I know that this > would involve an exponentially larger amount of effort from the ports > team, and I don't fault them for not doing it. Still, it would be nice > to have. I have to agree on that statement. I would love to see branched ports. This can get very important on servers, were you don't want to have major upgrades, but only security updates. I guess it's a question of manpower, hm? Would a survey help? As in ask the ports team and FreeBSD administrators? Maybe some will start to become port maintainer too, just to support the increased work on ports due to branching them... I would :) best regards, Marian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEcYb+gAq87Uq5FMsRAvAeAKDY0wCnps8sNKkRqUL0+77/WEh/GgCfayuU /PH2TCKdBC7l9M6TrgY+rZM= =hbzY -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44718700.2060102>