Ports collection issue

Garrett Cooper youshi10 at u.washington.edu
Fri Oct 27 07:00:09 UTC 2006

Hash: SHA1

Lane wrote:
> On Thursday 26 October 2006 23:16, Garrett Cooper wrote:
>> Lane wrote:
>>> On Thursday 26 October 2006 19:07, Rik Davis wrote:
>>>> Guys,
>>>>   I'm a die hard freebsd user, but I am finding myself becomeing quite
>>>> frustrated with why you completely pulled the 5.4 ports collection off
>>>> of your ftp sites.
>>>>   When I try to use my /stand/sysinstall now and attempt to connect to
>>>> you ftp server, I ge the error that it cannot locate the 5.4-RELEASE
>>>> packages. Why would you remove a collection that is still in such high
>>>> demand by those of us that have yet to upgrade our binaries to a later
>>>> version?
>>>>   I depend on that being there, but this is not leaving a very pleasant
>>>> taste in my mouth. Also, this is not the first time I have seen you do
>>>> this. What am I supposed to do now that I no longer have access to those
>>>> packages?
>>>>   Sincerely,
>>>>   Adrian Brooks
>>> Adrian,
>>> Use /usr/ports/net/cvsup-without-gui and create a cvsupfile.  You can
>>> then selectively install src-all, src-contrib, ports-all and any of the
>>> various ports sub-trees that you need (but stick with ports-all).
>>> cvsup will get the proper Makefiles and whatnot for you.
>>> Email me if you need help setting that up.
>>> lane
>> Adrian,
>> 	Please note the fact that a lot of software distributors,
>> regardless of whether you pay for the product or not, have a limited set
>> of supported versions of their software for a reason.
>> 	In this case FreeBSD did phase out their old versions of
>> software for a reason, and that was supportability and space as Kris
>> mentioned. So, please upgrade to the latest version of your major
>> version fork (5.5 I believe).
>> 	That is all.
>> -Garrett
> Just a note for clarification:
> While the source and ports collection for 5.X may NOT be available using 
> sysinstall, it should be recognized that sysinstall is really only reliable 
> for initial installation of whatever is the current version (give or take a 
> release or two).
> cvsup and portupgrade are the preferred methods for maintaining the software.
> Just for verification I have recently used cvsup to download the entire 
> FreeBSD-3.4 system, including ports (That's right, 3.4).  While the ports may 
> not be tied directly to the kernel version, they are there as well.
> So, space considerations may be important to the maintainers, but I think they 
> put a premium on continuity.  And being able to go backward three different 
> versions is pretty darned cool!
> lane

	Well, fair enough.. the only thing is that the number of people who can
reply with a "Hey, I can help you with that particular issue" response
is much greater for more recent versions. Plus, if you do run into a
seriously issue with a driver or interface, you're sort of stuck into
upgrading anyhow..
	Backwards compatibility is good though, even at the cost of going into
unknown territory by yourself as (almost) everyone else has updated
their versions to something a bit more current :).
	Plus, I'd be sure that any issues that existed security-wise do or
don't affect the version you currently have if it's out of date. For
instance, the OpenSSL buffer overrun issue that was discovered 2 months
ago I think. I believe that the issue was fixed and patched in a few CVS
source trees, but not in others.
	So related to my previous comments, in general these are 2 important
questions to consider when administering your system:
	1. Is it or is it not secure, due to lack of support?
	2. If not, how much is it worth to me to manually update and patch the
source (assuming it's possible) to fix the vulnerabilities present in my
system instead of just upgrading?
- -Garrett
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the freebsd-questions mailing list