From: n j
Date: Mon, 14 Jan 2013 13:07:07 +0100
Subject: pkgng package repository tracking security updates
To: User Questions

Hi,

One of my primary concerns when managing a system is its security. In the interest of security, I usually hold to "patch early, patch often".

Ports are kept well up-to-date and with portmaster it is not a problem to keep updating the ports. However, as Ivan [1] pointed out on his blog on pkgng:

"Having source-based ports is all fine and well but all that time compiling ports is subtracted from the time the server(s) would perform some actually useful work. After all, servers exist to do some work, not to be waited on while compiling. The same goes for me: I don't want to wait for ports anymore."

I don't want to wait for compilation either, especially on large ports and weak hardware, and do it often to stay on top of security vulnerabilities. For that reason I look forward to binary packages.

So, my question regarding pkgng is not really about the tool itself, but rather what will be provided via official repositories. One of the problems with the old pkg_* tools was that packages for a lot of software didn't exist, and those that did exist weren't updated when vulnerabilities were discovered and patched upstream (and in ports).

Is this going to improve with pkgng repositories? Will there be, say, a -SECURITY repository that will build the new version of packages at least as often as security vulnerabilities are fixed in ports?

[1] http://ivoras.net/blog/tree/2012-08-31.using-pkgng-in-real-life.html

Regards,
--
Nino