Date:      Mon, 04 Dec 2017 20:31:43 +0000
From:      Steven Hartland <killing@multiplay.co.uk>
To:        Michelle Sullivan <michelle@sorbs.net>
Cc:        Adam Weinberger <adamw@adamw.org>, freebsd-ports@freebsd.org
Subject:   Re: Welcome flavors! portmaster now dead? synth?
Message-ID:  <CAHEMsqb1ZOsHxmD0RzbXDdN0AWQPHS1xZpDdSJYgBHo4HnC24g@mail.gmail.com>
In-Reply-To: <5A24BA3E.1050507@sorbs.net>
References:  <CAN6yY1ujLFdKpuG4Rxz%2Bfww9gAxTBaY14iCB7RFTkh-oVB1%2B9A@mail.gmail.com> <BN6PR2001MB1730A16025654AB7C452111B80390@BN6PR2001MB1730.namprd20.prod.outlook.com> <CAOc73CD9VnLKv8-jBNW1Uj05LnEFh6kkZFKNAxp-EG9YO_AUxA@mail.gmail.com> <1512211220.79413.1.camel@yandex.com> <BN6PR2001MB17309152A0FC3776781AB53B803E0@BN6PR2001MB1730.namprd20.prod.outlook.com> <20171202184356.GA980@lonesome.com> <b0e44e55-5fc9-af2a-22c8-bfa0d30c866f@columbus.rr.com> <20800E88-36EC-49C4-A281-EA6BAB212DBF@adamw.org> <5A246D28.2020007@sorbs.net> <6881393C-BCE0-4F3E-B5AA-FC2FF995628D@adamw.org> <5A24BA3E.1050507@sorbs.net>

On Mon, 4 Dec 2017 at 03:02, Michelle Sullivan <michelle@sorbs.net> wrote:

>
> You mean if you're not into security or part of a security company stay
> on quarterly, but if you need to keep patched up because you are in the
> top 100 of most attacked sites/companies in the world, deploy a team of
> people to patch security issues and run your own ports tree because
> breakage on HEAD is often and when you need it the least and quarterly
> doesn't guarantee it'll even work/compile and nearly never gets security
> patches.
>
>
> Sorry, but that's the truth of it and the reason I no longer use FreeBSD
> or the Ports tree, instead using a derivative of each which is a lot
> more stable and patched against security issues within hours of them
> being identified.


This has not been our experience here, we’ve run our own ports tree from
HEAD for many years and while we’ve had some internal patches that need
fixing on update, that’s always been down to us not keeping them up to date
with changes.

Sure we could have got lucky but it does mean that such a blanket statement
is not valid for everyone’s use case.

I’m not sure if it’s possible but if you’re already allocating resources to
help handle security patches could that not be something that the wider
user base could benefit from via helping the secteam, if it’s turnaround
time on security patches you’re highlighting as an issue here?


