FreeBSD Security Survey

Marian Hettwer MH at kernel32.de
Mon May 22 02:40:18 PDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,


Scott Long wrote:
> Brent Casavant wrote:
> 
>> While I find ports to be the single most useful feature of the FreeBSD
>> experience, and can't thank contributors enough for the efforts, I on
>> the other hand find updating my installed ports collection (for security
>> reasons or otherwise) to be quite painful.  I typically use portupgrade
>> to perform this task.  On several occasions I got "bit" by doing a
>> portupgrade which wasn't able to completely upgrade all dependencies
>> (particularly when X, GUI's, and desktops are in the mix -- though I
>> always follow the special Gnome upgrade methods when appropriate).
>>
Like Scott pointed out below, stick with either building from source, or
using packages. Mixing them may have strange side effects.
To give an example.
I usually use portupgrade without using packages. But last time I needed
to update my ports (on a production server, though private not corporate
server), I used portupgrade -P (to use packages if available).
It updated php, using packages, but unluckily the packages were built
against apache13. I'm using apache20, so my php installation was
trashed. Argh.
But even more painful is the fact that portupgrade _always_ fails on
some perl modules. Usually p5-XML-Parser. I don't know why, but it's
annoying...

> ports tree in the process, the end result is a bit more undefined.  One
> thing that I wish for is that the ports tree would branch for releases,
> and that those branches would get security updates.  I know that this
> would involve an exponentially larger amount of effort from the ports
> team, and I don't fault them for not doing it.  Still, it would be nice
> to have.
I have to agree on that statement. I would love to see branched ports.
This can get very important on servers, where you don't want to have
major upgrades, but only security updates.
I guess it's a question of manpower, hm?
Would a survey help? As in ask the ports team and FreeBSD
administrators? Maybe some will start to become port maintainers too,
just to support the increased work on ports due to branching them...
I would :)

best regards,
Marian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEcYb+gAq87Uq5FMsRAvAeAKDY0wCnps8sNKkRqUL0+77/WEh/GgCfayuU
/PH2TCKdBC7l9M6TrgY+rZM=
=hbzY
-----END PGP SIGNATURE-----

