[freebsd-questions] Looking @ upgrades mechanisms...

n j nino80 at gmail.com
Sun Dec 7 09:39:10 PST 2008

> versions. The packages for a particular branch tend to lag the updates by up
> to a couple of weeks although they are built continually.  If you want to stay
> really up to date you need to keep your tree updated with portsnap or csup
> (part of the base system) and compile them yourself. Another advantage to
> compiling is you can choose options. The packages are always built with
> default options which is generally OK, but not always optimal.

On a discussion note, wouldn't it be nice (and quite possible based on
the frequency of vulnerability reports on vuxml) to have a sort of
"security" branch for pre-built packages?

What I mean is, if you use -RELEASE package repository, you get the
benefit of a large number of pre-built packages at a cost of them not
being up to date. On the other hand, building all the packages all the
time (i.e. using -STABLE repository) results in the mentioned couple
of weeks lag, probably due to the sheer number of ports available. So,
it would be nice to have a sort of -SECURITY branch (much like it
existed before freebsd-update became part of base system) and make a
dedicated package repository where only packages with reported
vulnerabilities in vuxml would get (promptly and regularly) rebuilt
thus giving people options of doing binary up-to-date upgrading
without inflicting too much load on the package building machines.

Thoughts anyone?


More information about the freebsd-questions mailing list