sysutils/cfs

Miroslav Lachman 000.fbsd at quip.cz
Fri Sep 9 09:25:44 UTC 2011 

Greg Byshenk wrote:
> On Fri, Sep 09, 2011 at 07:27:51AM +0200, Erik Trulsson wrote:
>> On Thu, Sep 08, 2011 at 06:54:36PM +0200, Matthias Andree wrote:
>>> Am 08.09.2011 13:52, schrieb Matt Burke:
>
>>>> Changing to a hypothetical example, why would an Apache vulnerability in
>>>> mod_rewrite in the least bit bother a person who doesn't have the module
>>>> enabled, which I believe is the standard configuration? Would you prefer
>>>> Apache be deleted from ports if it took longer than expected to fix it?
>>>
>>> That wouldn't happen anyways because the package is actively maintained,
>>> unlike many of the ports the discussion is about.
>>
>> You (and others) place *far* too much emphasis on a piece of software
>> being "maintained"
>
>
>>>> What the current FreeBSD policy of actively deleting perfectly usable ports
>>>> instead of putting a mild hurdle in the way is saying, is that FreeBSD will
>>>> stop me doing what I may want to do because FreeBSD knows best.
>>>
>>> The port isn't perfectly usable (because that would mean it's usable in
>>> all circumstances for all advertised purposes, which is explicitly not
>>> the case in the light of known vulnerabilities).
>>
>> In which case just about no port is 'perfectly usable' since almost all
>> non-trivial software contains bugs - at least some of which are not
>> documented, meaning that it isn't usable in *all* circumstances for
>> *all* advertised purposes.
>
> I can't necessarily speak for everyone, but I suspect that this is
> why 'being "maintained"' is seen as important. All software has bugs;
> what is important is that they are fixed as they are discovered,
> rather than being left to rot.

Sorry, but "maintained" doesn't mean any quarantee of quick and proper 
fix. FreeBSD it-self has many known bugs unfixed for a years. (and some 
of them are really serious) Does it mean that we should stop using 
FreeBSD, deinstall it from all servers and use something else? I don't 
think so.

I am happy user of FreeBSD for more than 10 years, because it gives me a 
freedom of choice - not enforcing me to anything.

I am expecting warning message in case of some problem in base or ports 
/ packages, but I am here to make a decision what to do next.

If I like foreign decision, I will use another OS, which can silently 
uninstall affected packages... but I don't like this idea!

--------------------------------------------------------------

 From my point of view, there are huge pressure in "cleaning" ports by 
removing anything suspicious. There are more and more people working on 
removing ports. FreeBSD lacks man power on another places.

For example I repeatedly sent some improvements and fixes to freebsd-rc 
in last few years without any reaction. It's OK, I can maintain it 
privately, but nobody else will benefit from this work.
So FreeBSD have not working iSCSI initiator rc.d script in these days, 
but will have few ports less...

I don't think this is the right way to go, but I can live with it. I 
know that it is all about interest of other volunteers.

Just my $0.02 to this almost useless discussion.

Miroslav Lachman

More information about the freebsd-ports mailing list