[RFC] Why FreeBSD ports should have branches by OS version

Michelle Sullivan michelle at sorbs.net
Sun Jun 25 07:39:45 UTC 2017

Martin Waschbüsch wrote:
>> Am 23.06.2017 um 23:53 schrieb Michelle Sullivan <michelle at sorbs.net>:
>> Matt Smith wrote:
>>> I use FreeBSD *precisely* because it mostly keeps up with the latest stable versions of things. I have postfix 3.2, pgsql 9.6, nginx 1.13, libressl 2.5 etc. It's usually impossible to do this with linux unless you install things directly from source.
>> And me I came to FreeBSD because it was security conscious but not latest and greatest or nothing... well not strictly true, P Vixie forced me into trying it.. but I changed from Linux to FreeBSD across my entire product because of stability... which doesn't exist in the same way now (and hasn't since 2013ish)..
> FWIW, personally, I never perceived statements about FreeBSD's stability to extend beyond the scope of the (complete) OS itself.

There in lies a problem..  Something happened, now the OS is not as 
stable, as for a 'installed the CD how long before a reboot' is it, but 
how often do we *have* to upgrade because of a security issue.. seems 
like every 5 minutes now... ports (some of them) do form part of the 
OS... if the ports tree stops working on older versions of the OS then 
you *have* to upgrade.

> I always regarded ports very much as a convenience. pkg even more so.

I don't consider pkg at all.  Ports are partly.

>>> I upgrade my ports/packages via poudriere every single day which mostly just takes 2 minutes of my time as usually that results in maybe one or two packages being updated at a time. I see this as a positive thing rather than doing one massive huge upgrade every 3 months.
>> Currently have 87 servers located across 7 continents, all in production processing incoming spam at the millions per day, and serving DNS requests at a rate of over 70,000 queries per second (averaged over a week)... you can't just f**k with that.  Patches have to be evaluated, tested, built and regression tested....
> My personal conclusion is that if I need to ensure that issues (especially security fixes) are dealt with in a timely manner then I have to do the patching, testing, evaluating, etc. myself.

Mostly agreed... depends on your definition of  'do the patching 
yourself'.. if you mean taking patches applying them yourself, then yes 
100% agree, if you mean developing the patch yourself in whole or in 
part... no.

> After all, even if all that was thoroughly done by upstream, port maintainer, etc., who’s to say my specific setup and config won’t bring issues to light their testing didn’t?

100% with you.

Michelle Sullivan

More information about the freebsd-ports mailing list