base components should always be default (Re: change in default openssl coming)

Michelle Sullivan michelle at
Sat Jul 9 08:49:05 UTC 2016

Xin Li wrote:
> On 7/8/16 12:20, Grzegorz Junka wrote:
>> The only reason I heard why base isn't updated with the proper package
>> from ports is because of security implications. Older versions are more
>> security-tested and therefore safer. If there is a vulnerability in the
>> base it's much more hassle to update the base than ports.
> Not necessarily safer -- for instance on FreeBSD 9.x the base system
> OpenSSL is EoL'ed by upstream, and therefore the security fixes are
> backported by secteam@ in a case-by-case manner.  Generally speaking,
> newer code is safer and supports newer standards, and we recommend ALL
> users who are still on FreeBSD 9.x to use port version of OpenSSL.
Did that a long time ago when I realised how FreeBSD actually supports 
the people using it instead of the developers.. not that it worries me 
now, shortly I won't have any FreeBSD hosts.

Michelle Sullivan

More information about the freebsd-ports mailing list