Date: Wed, 23 Mar 2022 23:10:31 UTC
Hi, What's the advantage in updating a port over using its own ecosystem? examples: www/nextcloud and www/drupal9 These are popular programs which, because they are popular, present a vulnerability vector from a security standpoint if they're not kept up-to-date, and also if their dependencies aren't kept up-to-date. Isn't it better for these to use their own ecosystem to keep up-to-date? Drupal releases updates seemingly every month. Right now, ports is at 9.3.7 yet the latest is 9.3.9. 9.3.7 has two current CVEs for -core, according to their website. I have used the ports system to for example install nextcloud, getting it all working then moving its dir from www/nextcloud to www/nextcloud1, purging it from ports then moving it back. Do others install then use drupal in the same fashion? -- J.