Date:      Sun, 18 Mar 2001 19:46:38 +0100
From:      Markus Holmberg <markush@acc.umu.se>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Eric M Logan <eric_m_logan@yahoo.com>, "freebsd-stable@FreeBSD.ORG" <freebsd-stable@FreeBSD.ORG>
Subject:   Re: ports vs. packages...
Message-ID:  <20010318194637.A10260@acc.umu.se>
In-Reply-To: <20010317125349.E22316@mollari.cthul.hu>; from kris@obsecurity.org on Sat, Mar 17, 2001 at 12:53:49PM -0800
References:  <3AB3C1C2.67E1AB9B@yahoo.com> <20010317125349.E22316@mollari.cthul.hu>

Isn't there a small security advantage with building from source
(compared to downloading packages from an untrusted party)?

With source one can be assured that the port is built from unmodified
data since the downloaded distfiles are checked with checksums.
(Assuming the local ports tree can be trusted)

As opposed to packages where there is no verification at all that you
didn't receive something manipulated. (The possibility of someone setting
up a FreeBSD mirror distributing trojaned packages disturbs me)

I'm not sure if I overlooked something though..

Regards, Markus.


On Sat, Mar 17, 2001 at 12:53:49PM -0800, Kris Kennaway wrote:
> On Sat, Mar 17, 2001 at 11:57:54AM -0800, Eric M Logan wrote:
> >     Can anyone tell me if there's any advantage(s) to installing
> > applications from the ports collection as opposed to just using the
> > available packages.  This is of course, aside from the ability to
> > manipulate a variable or two or when there are no precompiled binaries
> > available.  It just seems to me that using packages is so much quicker
> > and more convenient.  Would compiling from the ports collection
> > implement some enhancements for your particular processor for instance?
> > Any help would be appreciated.  Thanks.
> 
> There are three main benefits I can think of:
> 
> * You get to choose your compiler settings.  This includes things like
>   -march=<...> to optimize for your processor (e.g. check out the
>   CPUTYPE setting in /etc/defaults/make.conf on 4.3)
> 
> * There is always a lag of about 2 days between when a port is
>   available and when the package is rebuilt from it.  This may be
>   relevant for updates you really want/need, like security or bugfix
>   updates.
> 
> * You have finer control over build knobs, e.g. some ports adapt
>   themselves to what other stuff you have installed on the system
>   (GNOME, esound, etc) and will configure themselves to use it.  There
>   are lots of "manual" knobs for enabling/disabling features too.
> 
> Kris


-- 

Markus Holmberg         |       Give me Unix or give me a typewriter.
markush@acc.umu.se      |       http://www.freebsd.org/
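
Added example, not part of the original message and not FreeBSD's own ports code: the distfile check described above, sketched in Python, where the checksum comes from the locally trusted ports tree and the bytes come from an untrusted download. It assumes the present-day distinfo line format (SHA256 and SIZE entries); the file name, sample bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Line shape assumed here: "SHA256 (name) = hex" and "SIZE (name) = bytes".
_ENTRY = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    manifest = {}
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue  # TIMESTAMP lines, blanks, anything unrecognised
        kind, name, value = m.groups()
        entry = manifest.setdefault(name, {})
        entry[kind] = int(value) if kind == "SIZE" else value.lower()
    return manifest


def verify_distfile(name, data, manifest):
    """Check downloaded bytes against the locally trusted manifest."""
    entry = manifest.get(name)
    if not entry or "SHA256" not in entry:
        return False, "no checksum recorded"  # fail closed
    if "SIZE" in entry and len(data) != entry["SIZE"]:
        return False, "size mismatch"
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, entry["SHA256"]):
        return False, "checksum mismatch"
    return True, "ok"


# Constructed sample: a stand-in tarball and the manifest a trusted tree would hold.
GOOD = b"constructed stand-in for example-1.0.tar.gz\n"
DISTINFO = (
    "TIMESTAMP = 984941198\n"  # constructed value
    f"SHA256 (example-1.0.tar.gz) = {hashlib.sha256(GOOD).hexdigest()}\n"
    f"SIZE (example-1.0.tar.gz) = {len(GOOD)}\n"
)
MANIFEST = parse_distinfo(DISTINFO)
# Same length, one byte changed, standing in for a modified download.
TAMPERED = GOOD.replace(b"stand-in", b"stand-1n")

if __name__ == "__main__":
    for blob in (GOOD, TAMPERED):
        print(verify_distfile("example-1.0.tar.gz", blob, MANIFEST))
```

The check is only as strong as the manifest's origin: if the ports tree itself is fetched from the same untrusted party, the checksum proves nothing.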
