Why Are You NOT Using FreeBSD?
Adam Strohl
adams-freebsd at ateamsystems.com
Sun Jun 3 10:42:59 UTC 2012
On 6/3/2012 17:24, Etienne Robillard wrote:
> Technical debt perhaps counts when upstream vendor "new versions" break
> things unexpectedly?
For this to happen though that means one of two things:
1. The port maintainer has updated the port to grab this new version,
and tested it (and it worked) then committed the change. And now it
doesn't work for some people/setups. They need to know and fix it.
2. Then the upstream vendor, behind everyone's back, changes the code
inside the distro file(s). This then breaks the MD5/SHA256 check. The
port maintainer needs to know so they can fix it.
For #1 I see it as delaying the fix ("I won't report my problem, I'll
just use an old version").
For #2, having an old version of the ports tree wouldn't solve this issue
since it was prompted by a change by the vendor to begin with.
I feel like this thread is grossly overstating how often ports are
broken, which is super rare in my experience. Proposing a versioned ports
tree seems like a bad-practice-encouraging solution to a problem that
doesn't really exist [in my experience].
And it is bad practice. There is a constant stream of security issues
being discovered and ignoring them is totally inappropriate.
Yes, there are rare situations where you have to make a trade-off on
security to fit some highly specialized need, but I wouldn't want that to
be encouraged and it certainly isn't the solution to broken ports.
P.S.
Not subbed to -ports, CC me on replies.
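
Case 2 above (a distfile changed upstream after the maintainer recorded its checksum), as an added example that is not part of the original message or of the ports framework's own code. It assumes the distinfo line layout `SHA256 (file) = hex` and `SIZE (file) = bytes`; the file name, timestamp and tarball contents are constructed.

```python
import hashlib
import re

# distinfo lines look like:
#   SHA256 (foo-1.0.tar.gz) = <hex digest>
#   SIZE (foo-1.0.tar.gz) = <bytes>
_LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # TIMESTAMP lines, blanks, anything unrecognised
        kind, name, value = m.groups()
        entries.setdefault(name, {})[kind] = int(value) if kind == "SIZE" else value.lower()
    return entries

def check_distfile(name, data, entries):
    """Classify a fetched distfile against what the maintainer recorded."""
    rec = entries.get(name)
    if rec is None or "SHA256" not in rec:
        return "unlisted"           # no recorded checksum: never accept silently
    if "SIZE" in rec and len(data) != rec["SIZE"]:
        return "size-mismatch"      # cheap first check, catches most re-rolls
    if hashlib.sha256(data).hexdigest() != rec["SHA256"]:
        return "checksum-mismatch"  # same name and size, different content
    return "ok"

# Constructed sample: the bytes the maintainer tested, and two re-rolled variants.
ORIGINAL = b"example-1.0 release tarball bytes\n"
REROLLED_SAME_SIZE = b"example-1.0 release tarball bytez\n"
REROLLED_LONGER = ORIGINAL + b"late fix\n"

DISTINFO = (
    "TIMESTAMP = 1338720179\n"
    f"SHA256 (example-1.0.tar.gz) = {hashlib.sha256(ORIGINAL).hexdigest()}\n"
    f"SIZE (example-1.0.tar.gz) = {len(ORIGINAL)}\n"
)

if __name__ == "__main__":
    entries = parse_distinfo(DISTINFO)
    for label, blob in [("original", ORIGINAL),
                        ("same-size re-roll", REROLLED_SAME_SIZE),
                        ("longer re-roll", REROLLED_LONGER)]:
        print(label, "->", check_distfile("example-1.0.tar.gz", blob, entries))
```

An older copy of the distinfo carries the same recorded digest, so the re-rolled file fails against it just the same.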