FreeBSD Security Survey

Matthias Andree matthias.andree at
Mon May 22 03:02:44 PDT 2006

Scott Long <scottl at> writes:

> I share this frustration with you.  I was once told that the pain in
> upgrading is due largely to a somewhat invisible difference between
> installing a pre-compiled package, and building+installing a port.  In
> theory, if you stick to one method or the other, things will stay mostly
> consistent.  But if you mix them, and particularly if you update the
> ports tree in the process, the end result is a bit more undefined.  One
> thing that I wish for is that the ports tree would branch for releases,
> and that those branches would get security updates.  I know that this
> would involve an exponentially larger amount of effort from the ports
> team, and I don't fault them for not doing it.  Still, it would be nice
> to have.

Speaking as a port maintainer, if these branches would allow to just
"MFC" updates from HEAD that are proven and meet dependency requirements
for the new version, I think I'd be able to handle this. The major ports
for concern I maintain (db3* db4*) have forked minor versions for
compatibility anyways.

If it's a "bugfix only" policy that may involve ripping out the minimum
fix out of a larger patch set, it'll pretty much be a non-starter for me
unless someone funds that work.

Matthias Andree

More information about the freebsd-stable mailing list