base components should always be default (Re: change in default openssl coming)
michelle at sorbs.net
Sat Jul 9 08:49:05 UTC 2016
Xin Li wrote:
> On 7/8/16 12:20, Grzegorz Junka wrote:
>> The only reason I heard why base isn't updated with the proper package
>> from ports is because of security implications. Older versions are more
>> security-tested and therefore safer. If there is a vulnerability in the
>> base it's much more hassle to update the base than ports.
> Not necessarily safer -- for instance on FreeBSD 9.x the base system
> OpenSSL is EoL'ed by upstream, and therefore the security fixes are
> backported by secteam@ in a case-by-case manner. Generally speaking,
> newer code is safer and supports newer standards, and we recommend ALL
> users who are still on FreeBSD 9.x to use port version of OpenSSL.
Did that a long time ago when I realised how FreeBSD actually supports
the people using it instead of the developers.. not that it worries me
now, shortly I won't have any FreeBSD hosts.
More information about the freebsd-ports