Welcome flavors! portmaster now dead? synth?

Michelle Sullivan michelle at sorbs.net
Mon Dec 4 03:02:11 UTC 2017 

Adam Weinberger wrote:
>> On 3 Dec, 2017, at 14:31, Michelle Sullivan <michelle at sorbs.net> wrote:
>>
>> Adam Weinberger wrote:
>>> You seem very angry about things breaking in HEAD, Baho. Things break in HEAD sometimes. This is why we recommend that end-users who can't have breakages, or users who depend on undeveloped tools, stay on the quarterly branch. Portmaster works perfectly on quarterly. Always has.
>>>
>> Quarterly is just a frozen HEAD with no/minute chances of security patches or other changes... why would you want to be there?  I couldn't even get someone to patch a security issue before the pkg_*->pkgng change..  was patched 4 days later despite having the patch in the bug before... and despite asking for the patch to be put in the quarterly they didn't either.  One continues to watch the exodus.
> The MFH process was very complicated at first, and many committers didn't participate in it. Now it's largely automated and expected of all ports committers. The quarterly branches these days receive essentially all security fixes and most build fixes. As with all things FreeBSD, it's a best-effort process.
>
> Quarterly is mostly static, and receives no unnecessary updates. It also receives no known breakages. That's the tradeoff between it and head.
>
> We do the best we can, and if things get missed it's because we need more community involvement.

I got involved, I got shutdown by people who are determined to move 
FreeBSD in their direction, I am no longer involved.


> If you can't handle the flux of HEAD, stay on quarterly. If you need the cutting-edge, use HEAD. As you noted, we are strained for resources to keep quarterly going; we simply don't have the ability to provide another in-between level.
>

You mean if you're not into security or part of a security company stay 
on quarterly, but if you need to keep patched up because you are in the 
top 100 of most attacked sites/companies in the world, deploy a team of 
people to patch security issues and run your own ports tree because 
breakage on HEAD is often and when you need it the least and quarterly 
doesn't guarantee it'll even work/compile and nearly never gets security 
patches.


Sorry, but that's the truth of it and the reason I no longer use FreeBSD 
or the Ports tree, instead using a derivative of each which is a lot 
more stable and patched against security issues within hours of them 
being identified.

Regards,

Michelle

More information about the freebsd-ports mailing list