Date: Sat, 09 Jul 2016 10:48:55 +0200 From: Michelle Sullivan <michelle@sorbs.net> To: Xin Li <delphij@delphij.net>, freebsd-ports@freebsd.org Subject: Re: base components should always be default (Re: change in default openssl coming) Message-ID: <5780BA77.9090409@sorbs.net> In-Reply-To: <541d8b69-b177-3ddf-8a2d-560e778001ca@delphij.net> References: <D13290234BD20864405FC0B2@atuin.in.mat.cc> <f146f327-67f8-2ecf-21a9-b348dbe614c2@aldan.algebra.com> <b4c87f59-fd30-19fd-5251-65c47720a0dc@gjunka.com> <541d8b69-b177-3ddf-8a2d-560e778001ca@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Xin Li wrote: > > On 7/8/16 12:20, Grzegorz Junka wrote: >> The only reason I heard why base isn't updated with the proper package >> from ports is because of security implications. Older versions are more >> security-tested and therefore safer. If there is a vulnerability in the >> base it's much more hassle to update the base than ports. > Not necessarily safer -- for instance on FreeBSD 9.x the base system > OpenSSL is EoL'ed by upstream, and therefore the security fixes are > backported by secteam@ in a case-by-case manner. Generally speaking, > newer code is safer and supports newer standards, and we recommend ALL > users who are still on FreeBSD 9.x to use port version of OpenSSL. > Did that a long time ago when I realised how FreeBSD actually supports the people using it instead of the developers.. not that it worries me now, shortly I won't have any FreeBSD hosts. -- Michelle Sullivan http://www.mhix.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5780BA77.9090409>