FreeBSD Security Survey

Michel Talon talon at
Mon May 22 02:43:36 PDT 2006

>> ports tree in the process, the end result is a bit more undefined.  One
>> thing that I wish for is that the ports tree would branch for releases,
>> and that those branches would get security updates.  I know that this
>> would involve an exponentially larger amount of effort from the ports
>> team, and I don't fault them for not doing it.  Still, it would be nice
>> to have.
>Yes, totally agree.
>That's the way OpenBSD ports tree works and it worked very well for me.
>Thus not to say FreeBSD's one didn't, but it takes a lot more attention,
>which isn't always a bad thing ;)

OpenBSD doesn't have next to 15000 ports. In my opinion, this richness is
one of the main assets of FreeBSD, and by necessity implies a great difficulty
to maintain everything in a coherent and secure state. You have only to
contemplate the years it took to release Debian Sarge to convince yourself.
Personnally i am quite pleased with the present state of the FreeBSD ports,
i think it is in a much better state than a couple of years before, and
for my own use, security is a very secondary issue. People who have machines
exposed on the internet usually have a small number of ports installed, and
can maintain them in the latest secure version. I have around 600 ports
installed on my 6.1 machine, which will certainly grow in time, and no
intention whatsoever to run portupgrade on that.


Michel TALON

More information about the freebsd-stable mailing list