keeping my freebsd secure...
steve at sohara.org
Sun Jun 13 08:50:02 GMT 2004
On Sun, 13 Jun 2004 03:02:52 +0300
Haim Ashkenazi <haim at babysnakes.org> wrote:
HA> this is another thing I'm confused about. if I stay with RELENG_4_10,
HA> would I get security updates? does this also affect the ports?
If you stay with RELENG_4_10 you will get *only* security updates
to the base system. Upgrading the base system does nothing at all to the
ports which are maintained separately and not branched. To upgrade the
ports you have to update your ports tree (with cvsup) and use portupgrade
or do it by hand which is no fun at all.
There is no way of getting only security changes for the ports,
mainly because the ports are really only canned build/install instructions
for third party applications most of which do not separate security changes
from feature changes and bug fixes. It would be nice if there were a set
of tested reliable and secure open source applications available, maintaining
such a set would be a major project in its own right. It would probably need
a shadow CVS (or similar) repository for each application and enough skilled
people to audit and test each and every change against an ever growing
regression and security test suite. Such an effort would most likely lag
behind the main development badly and/or generate forks.
The alternative, and current practice, is to depend on the main
development teams of each application to do the best they can and track
C:>WIN | Solar Thermal Systems
The computer obeys and wins. | http://www.soleire.com/
You lose and Bill collects. | Directable Mirror Arrays
More information about the freebsd-stable