Re: PKGBASE Removes FreeBSD Base System Feature

From: Roger Marquis <marquis_at_roble.com>
Date: Thu, 31 Jul 2025 01:24:50 UTC
On Thu, 31 Jul 2025, vimanuelt wrote:
> ... the current architectural assumptions underpinning FreeBSD's package
> management model. The practice of overloading a single tool, namely pkg, to
> manage both the base system and third-party software introduces semantic
> ambiguity, violates long-standing UNIX separation-of-concerns principles,

A single pkg command for both base and third-party packages would not be
a problem so much as a feature for 3 reasons: 1) it has a long track
record of working in Linux, 2) it facilitates 'distroless' and 'minimal'
base and jails which, like Linux containers, are much desired as they
reduce the attack surface and minimize pkg update overhead, and 3) yet
another package command would be confusing and create unnecessary
maintenance overhead.

For those worried about recursive deletes, removing essential base
packages with a '-F' flag (force base too) and/or '-RR' (recurse base
too) could potentially limit unintentional dangerous actions.  Either
way it would IMO be simpler and more intuitive if all pkg flags were
base-aware rather than requiring a different command with a slightly
different set of flags.

Bottom line: FreeBSD's current inability to create a minimal base, much
less minimal jails, is a HUGE USABILITY GAP that makes the OS
problematic to spec in appliances and IoT much less jails.  Facilitating
security updates and enabling minimal distributions are critical to
FreeBSD staying viable as an OS.  I say this as a security analyst who
spends a large portion of every working day trying to help engineering
and operations patch tens of thousands of unnecessarily
vulnerability-ridden systems.

Roger Marquis
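The base-aware delete guard sketched in the post above, as an added shell example; it is not code from the post, from pkg, or from the FreeBSD project. It assumes that base-system packages can be recognized by the FreeBSD- name prefix that pkgbase repositories use (an assumption, not something the post states), the installed-package list is constructed inline, and the "force base" switch models the -F semantics the post proposes rather than any existing pkg flag.

```shell
#!/bin/sh
# Added example (not from the post or the FreeBSD project): a wrapper that
# refuses to remove base-system packages unless the caller explicitly forces
# it, the "base-aware" behaviour proposed in the post.
# Assumption: base packages carry the FreeBSD- name prefix used by pkgbase;
# third-party ports do not.

# Constructed sample of an installed-package list (name-version per line),
# standing in for output such as that of `pkg query '%n-%v'`.
SAMPLE_PKGS='FreeBSD-runtime-15.0.s20250701
FreeBSD-clibs-15.0.s20250701
FreeBSD-kernel-generic-15.0.s20250701
FreeBSD-openssl-15.0.s20250701
nginx-1.26.2
curl-8.9.1
pkg-1.21.3'

# is_base NAME: succeed when NAME looks like a base-system (pkgbase) package.
is_base() {
    case "$1" in
        FreeBSD-*) return 0 ;;
        *)         return 1 ;;
    esac
}

# list_base: print only the base packages from the sample list.
list_base() {
    printf '%s\n' "$SAMPLE_PKGS" | while IFS= read -r p; do
        if is_base "$p"; then printf '%s\n' "$p"; fi
    done
}

# list_ports: print only the third-party packages from the sample list.
list_ports() {
    printf '%s\n' "$SAMPLE_PKGS" | while IFS= read -r p; do
        if ! is_base "$p"; then printf '%s\n' "$p"; fi
    done
}

# guarded_delete FORCE_BASE PKG...: return 0 when every requested package may
# be removed, 2 when a base package was requested without FORCE_BASE=1.
# The refusal is printed to stderr so an operator sees why nothing happened.
# A real wrapper would exec `pkg delete "$@"` on the success path; this
# example stops short of running pkg.
guarded_delete() {
    force="$1"
    shift
    for p in "$@"; do
        if is_base "$p" && [ "$force" != 1 ]; then
            printf 'refusing to remove base package %s (force-base not set)\n' "$p" >&2
            return 2
        fi
    done
    return 0
}

# Stand-alone demonstration: the third-party removal passes, the mixed
# removal is refused, and the forced removal of a base package passes.
guarded_delete 0 nginx-1.26.2 curl-8.9.1 && echo "ports removal: allowed"
guarded_delete 0 nginx-1.26.2 FreeBSD-runtime-15.0.s20250701 || echo "mixed removal: refused ($?)"
guarded_delete 1 FreeBSD-runtime-15.0.s20250701 && echo "forced base removal: allowed"
```

The prefix test is the whole policy: a wrapper like this only helps if the base/third-party boundary is encoded in package metadata that cannot be spoofed by a port name, which is why a real implementation would key on the repository a package came from rather than on its name.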