Date:      Sun, 03 Jun 2012 17:42:55 +0700
From:      Adam Strohl <adams-freebsd@ateamsystems.com>
To:        erob@gthcfoundation.org
Cc:        Etienne Robillard <animelovin@gmail.com>, freebsd-ports@freebsd.org
Subject:   Re: Why Are You NOT Using FreeBSD?
Message-ID:  <4FCB3FAF.7010504@ateamsystems.com>
In-Reply-To: <4FCB3B6D.4020802@gthcfoundation.org>
References:  <C480320C-0CD9-4B61-8AFB-37085C820AB7@FreeBSD.org> <4FCA0B5F.5010500@digsys.bg> <4FCA20C5.6010901@zedat.fu-berlin.de> <2421561.4aJcXPZZxh@x220.ovitrap.com> <4FCB38F2.4030505@ateamsystems.com> <4FCB3B6D.4020802@gthcfoundation.org>

On 6/3/2012 17:24, Etienne Robillard wrote:
> Technical debt perhaps counts when upstream vendor "new versions" break
> things unexpectedly?

For this to happen, though, that means one of two things:

1. The port maintainer has updated the port to grab this new version, 
and tested it (and it worked) then committed the change.  And now it 
doesn't work for some people/setups.  They need to know and fix it.

2. Then the upstream vendor, behind everyone's back, changes the code 
inside the distro file(s).  This then breaks the MD5/SHA256 check.   The 
port maintainer needs to know so they can fix it.

For #1, I see it as delaying the fix ("I won't report my problem, I'll 
just use an old version").

For #2, having an old version of the ports tree wouldn't solve this issue 
since it was prompted by a change by the vendor to begin with.

I feel like this thread is grossly overstating how often ports are 
broken, which is super rare in my experience. Proposing a versioned ports 
tree seems like a bad-practice-encouraging solution to a problem that 
doesn't really exist [in my experience].

And it is bad practice.  There is a constant stream of security issues 
being discovered and ignoring them is totally inappropriate.

Yes, there are rare situations where you have to make a trade-off on 
security to fit some highly specialized need, but I wouldn't want that to 
be encouraged, and it certainly isn't the solution to broken ports.

P.S.
Not subbed to -ports, CC me on replies.
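
Added example, not part of the original message or of the ports framework: a sketch of the distinfo check that case #2 above trips, showing how a silently re-rolled distfile surfaces as a checksum mismatch. The file name, sample bytes and function names are constructed for illustration.

```python
import hashlib
import re

# distinfo records one line per attribute per distfile:
#   SHA256 (name) = <hex digest>
#   SIZE (name) = <bytes>
_LINE = re.compile(r"^(SHA256|SIZE) \((?P<name>.+)\) = (?P<value>\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # blank lines and attributes this sketch ignores
        entry = entries.setdefault(m.group("name"), {})
        key, value = m.group(1), m.group("value")
        entry[key] = int(value) if key == "SIZE" else value.lower()
    return entries

def check_distfile(name, data, entries):
    """Classify fetched bytes against the recorded distinfo entry."""
    rec = entries.get(name)
    if rec is None or "SHA256" not in rec:
        return "unlisted"            # never trust a file with no recorded digest
    if "SIZE" in rec and rec["SIZE"] != len(data):
        return "size-mismatch"       # truncated download or a re-rolled archive
    if hashlib.sha256(data).hexdigest() != rec["SHA256"]:
        return "checksum-mismatch"   # same size, different content
    return "ok"

# Constructed sample: the bytes the maintainer tested, and a vendor re-roll
# under the same file name with the same length but different content.
NAME = "example-1.0.tar.gz"
ORIGINAL = b"example-1.0 release tarball contents\n"
REROLLED = b"example-1.0 release tarball c0ntents\n"
DISTINFO = "SHA256 ({0}) = {1}\nSIZE ({0}) = {2}\n".format(
    NAME, hashlib.sha256(ORIGINAL).hexdigest(), len(ORIGINAL))

if __name__ == "__main__":
    entries = parse_distinfo(DISTINFO)
    for label, blob in (("original", ORIGINAL), ("re-rolled", REROLLED)):
        print(label, "->", check_distfile(NAME, blob, entries))
```

A mismatch here is the signal to report to the port maintainer rather than to bypass: the recorded digest is the only link between what was tested and what gets built.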


