From owner-freebsd-ports@FreeBSD.ORG Sun Jun 3 10:42:59 2012 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3C618106564A for ; Sun, 3 Jun 2012 10:42:59 +0000 (UTC) (envelope-from adams-freebsd@ateamsystems.com) Received: from fss.sandiego.ateamservers.com (fss.sandiego.ateamservers.com [69.55.229.149]) by mx1.freebsd.org (Postfix) with ESMTP id 1D66F8FC08 for ; Sun, 3 Jun 2012 10:42:58 +0000 (UTC) Received: from [192.168.15.220] (unknown [118.175.84.92]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by fss.sandiego.ateamservers.com (Postfix) with ESMTPSA id 7D14BB9F22; Sun, 3 Jun 2012 06:42:57 -0400 (EDT) Message-ID: <4FCB3FAF.7010504@ateamsystems.com> Date: Sun, 03 Jun 2012 17:42:55 +0700 From: Adam Strohl Organization: A-Team Systems User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: erob@gthcfoundation.org References: <4FCA0B5F.5010500@digsys.bg> <4FCA20C5.6010901@zedat.fu-berlin.de> <2421561.4aJcXPZZxh@x220.ovitrap.com> <4FCB38F2.4030505@ateamsystems.com> <4FCB3B6D.4020802@gthcfoundation.org> In-Reply-To: <4FCB3B6D.4020802@gthcfoundation.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Etienne Robillard , freebsd-ports@freebsd.org Subject: Re: Why Are You NOT Using FreeBSD? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Jun 2012 10:42:59 -0000 On 6/3/2012 17:24, Etienne Robillard wrote: > Technical debt perhaps counts when upstream vendor "new versions" breaks > things unexpectingly ? For this to happen though that means one of two things: 1. The port maintainer has updated the port to grab this new version, and tested it (and it worked) then committed the change. And now it doesn't work for some people/setups. They need to know and fix it. 2. Then the upstream vendor, behind everyone's back, changes the code inside the distro file(s). This then breaks the MD5/SHA256 check. The port maintainer needs to know so they can fix it. For #1 I see it as delaying the fix ("I won't report my problem, I'll just use an old version"). For #2 Having an old version of the ports tree wouldn't solve this issue since it was prompted by a change by the vendor to begin with. I feel like this thread is grossly overstating how often ports are broken which is super rare in my experience. Proposing a version'd ports tree seems like a bad-practice-encouraging-solution to a problem that doesn't really exist [in my experience]. And it is bad practice. There is a constant stream of security issues being discovered and ignoring them is totally inappropriate. Yes there are rare situations where you have to make a trade off on security to fit some highly specialized need but I wouldn't want that to be encouraged and it certainly isn't the solution to broken ports. P.S. Not subbed to -ports, CC me on replies.