Welcome flavors! portmaster now dead? synth?

Steven Hartland killing at multiplay.co.uk
Tue Dec 5 09:22:32 UTC 2017


On 05/12/2017 04:51, Michelle Sullivan wrote:
> Steven Hartland wrote:
>> On Mon, 4 Dec 2017 at 03:02, Michelle Sullivan <michelle at sorbs.net> 
>> wrote:
>>
>>> You mean if you're not into security or part of a security company stay
>>> on quarterly, but if you need to keep patched up because you are in the
>>> top 100 of most attacked sites/companies in the world, deploy a team of
>>> people to patch security issues and run your own ports tree because
>>> breakage on HEAD is often and when you need it the least and quarterly
>>> doesn't guarantee it'll even work/compile and nearly never gets
>>> security patches.
>>>
>>>
>>> Sorry, but that's the truth of it and the reason I no longer use
>>> FreeBSD or the Ports tree, instead using a derivative of each which is a lot
>>> more stable and patched against security issues within hours of them
>>> being identified.
>>
>> This has not been our experience here, we’ve run our own ports tree from
>> HEAD for many years and while we’ve had some internal patches that need
>> fixing on update, that’s always been down to us not keeping them up to
>> date with changes.
>
> We were using HEAD, not a local copy that we could put patches in 
> (that was the issue - we'd submit patches up and find them not applied 
> for months in some cases.)
That's really unfortunate and I don't think you're alone, bringing in 
more resources to ports is something that needs to be worked on.
>>
>> Sure we could have got lucky but it does mean that such a blanket
>> statement is not valid for everyone’s use case.
>
> I think you'll find using HEAD (as in the raw HEAD) not just a local 
> copy with local patches it probably does ring true a lot - that said, 
> didn't really bite me badly until the decision to force user changes 
> by breaking the existing system (for me that was pkg_* -> pkgng) for 
> others.. well they can say if they dare to chip in.
pkg -> pkgng was a little bit bumpy at the start but the results have 
been very much worth it.
>
>>
>> I’m not sure if it’s possible but if you’re already allocating
>> resources to help handle security patches could that not be something
>> that the wider user base could benefit from via helping the secteam,
>> if it’s turnaround time on security patches you’re highlighting as an
>> issue here?
>>
>
> Not working on FreeBSD now, the team deals with all in house OSes, 
> FreeBSD is not deployed here anymore except on legacy machines that 
> are being replaced (and I'm surprised there are any left now.)
>
Sorry to hear that.



More information about the freebsd-ports mailing list