FreeBSD Security Survey
talon at lpthe.jussieu.fr
Mon May 22 02:43:36 PDT 2006
>> ports tree in the process, the end result is a bit more undefined. One
>> thing that I wish for is that the ports tree would branch for releases,
>> and that those branches would get security updates. I know that this
>> would involve an exponentially larger amount of effort from the ports
>> team, and I don't fault them for not doing it. Still, it would be nice
>> to have.
>Yes, totally agree.
>That's the way OpenBSD ports tree works and it worked very well for me.
>Thus not to say FreeBSD's one didn't, but it takes a lot more attention,
>which isn't always a bad thing ;)
OpenBSD doesn't have next to 15000 ports. In my opinion, this richness is
one of the main assets of FreeBSD, and by necessity implies a great difficulty
to maintain everything in a coherent and secure state. You have only to
contemplate the years it took to release Debian Sarge to convince yourself.
Personnally i am quite pleased with the present state of the FreeBSD ports,
i think it is in a much better state than a couple of years before, and
for my own use, security is a very secondary issue. People who have machines
exposed on the internet usually have a small number of ports installed, and
can maintain them in the latest secure version. I have around 600 ports
installed on my 6.1 machine, which will certainly grow in time, and no
intention whatsoever to run portupgrade on that.
More information about the freebsd-stable