Date: Thu, 26 Oct 2006 23:59:54 -0700 From: Garrett Cooper <youshi10@u.washington.edu> To: freebsd-questions@freebsd.org Subject: Re: Ports collection issue Message-ID: <4541AE6A.9090100@u.washington.edu> In-Reply-To: <200610270000.50460.lane@joeandlane.com> References: <20061027000754.86183.qmail@web58305.mail.re3.yahoo.com> <200610262236.46586.lane@joeandlane.com> <45418820.9040908@u.washington.edu> <200610270000.50460.lane@joeandlane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lane wrote: > On Thursday 26 October 2006 23:16, Garrett Cooper wrote: >> Lane wrote: >>> On Thursday 26 October 2006 19:07, Rik Davis wrote: >>>> Guys, >>>> >>>> I'm a die hard freebsd user, but I am finding myself becomeing quite >>>> frustrated with why you completely pulled the 5.4 ports collection off >>>> of your ftp sites. >>>> >>>> When I try to use my /stand/sysinstall now and attempt to connect to >>>> you ftp server, I ge the error that it cannot locate the 5.4-RELEASE >>>> packages. Why would you remove a collection that is still in such high >>>> demand by those of us that have yet to upgrade our binaries to a later >>>> version? >>>> >>>> I depend on that being there, but this is not leaving a very pleasant >>>> taste in my mouth. Also, this is not the first time I have seen you do >>>> this. What am I supposed to do now that I no longer have access to those >>>> packages? >>>> >>>> Sincerely, >>>> >>>> Adrian Brooks >>> Adrian, >>> >>> Use /usr/ports/net/cvsup-without-gui and create a cvsupfile. You can >>> then selectively install src-all, src-contrib, ports-all and any of the >>> various ports sub-trees that you need (but stick with ports-all). >>> >>> cvsup will get the proper Makefiles and whatnot for you. >>> >>> Email me if you need help setting that up. >>> >>> lane >> Adrian, >> Please note the fact that a lot of software distributors, >> regardless of whether you pay for the product or not, have a limited set >> of supported versions of their software for a reason. >> In this case FreeBSD did phase out their old versions of >> software for a reason, and that was supportability and space as Kris >> mentioned. So, please upgrade to the latest version of your major >> version fork (5.5 I believe). >> That is all. >> -Garrett > > Just a note for clarification: > > While the source and ports collection for 5.X may NOT be available using > sysinstall, it should be recognized that sysinstall is really only reliable > for initial installation of whatever is the current version (give or take a > release or two). > > cvsup and portupgrade are the preferred methods for maintaining the software. > > Just for verification I have recently used cvsup to download the entire > FreeBSD-3.4 system, including ports (That's right, 3.4). While the ports may > not be tied directly to the kernel version, they are there as well. > > So, space considerations may be important to the maintainers, but I think they > put a premium on continuity. And being able to go backward three different > versions is pretty darned cool! > > lane Well, fair enough.. the only thing is that the number of people who can reply with a "Hey, I can help you with that particular issue" response is much greater for more recent versions. Plus, if you do run into a seriously issue with a driver or interface, you're sort of stuck into upgrading anyhow.. Backwards compatibility is good though, even at the cost of going into unknown territory by yourself as (almost) everyone else has updated their versions to something a bit more current :). Plus, I'd be sure that any issues that existed security-wise do or don't affect the version you currently have if it's out of date. For instance, the OpenSSL buffer overrun issue that was discovered 2 months ago I think. I believe that the issue was fixed and patched in a few CVS source trees, but not in others. So related to my previous comments, in general these are 2 important questions to consider when administering your system: 1. Is it or is it not secure, due to lack of support? 2. If not, how much is it worth to me to manually update and patch the source (assuming it's possible) to fix the vulnerabilities present in my system instead of just upgrading? - -Garrett -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFQa5q6CkrZkzMC68RAv1rAJ94e4hw5HLL4cAvvwUuzD7xqwVAWwCeJxKp ZRfmjACmNZ6C4485/BGdtuQ= =dt+I -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4541AE6A.9090100>