Date:      Tue, 05 Dec 2017 15:51:35 +1100
From:      Michelle Sullivan <michelle@sorbs.net>
To:        Steven Hartland <killing@multiplay.co.uk>
Cc:        freebsd-ports@freebsd.org, Adam Weinberger <adamw@adamw.org>
Subject:   Re: Welcome flavors! portmaster now dead? synth?
Message-ID:  <5A2625D7.7080207@sorbs.net>
In-Reply-To: <CAHEMsqb1ZOsHxmD0RzbXDdN0AWQPHS1xZpDdSJYgBHo4HnC24g@mail.gmail.com>
References:  <CAN6yY1ujLFdKpuG4Rxz%2Bfww9gAxTBaY14iCB7RFTkh-oVB1%2B9A@mail.gmail.com> <BN6PR2001MB1730A16025654AB7C452111B80390@BN6PR2001MB1730.namprd20.prod.outlook.com> <CAOc73CD9VnLKv8-jBNW1Uj05LnEFh6kkZFKNAxp-EG9YO_AUxA@mail.gmail.com> <1512211220.79413.1.camel@yandex.com> <BN6PR2001MB17309152A0FC3776781AB53B803E0@BN6PR2001MB1730.namprd20.prod.outlook.com> <20171202184356.GA980@lonesome.com> <b0e44e55-5fc9-af2a-22c8-bfa0d30c866f@columbus.rr.com> <20800E88-36EC-49C4-A281-EA6BAB212DBF@adamw.org> <5A246D28.2020007@sorbs.net> <6881393C-BCE0-4F3E-B5AA-FC2FF995628D@adamw.org> <5A24BA3E.1050507@sorbs.net> <CAHEMsqb1ZOsHxmD0RzbXDdN0AWQPHS1xZpDdSJYgBHo4HnC24g@mail.gmail.com>

Steven Hartland wrote:
> On Mon, 4 Dec 2017 at 03:02, Michelle Sullivan <michelle@sorbs.net> wrote:
>
>> You mean if you're not into security or part of a security company stay
>> on quarterly, but if you need to keep patched up because you are in the
>> top 100 of most attacked sites/companies in the world, deploy a team of
>> people to patch security issues and run your own ports tree because
>> breakage on HEAD is often and when you need it the least and quarterly
>> doesn't guarantee it'll even work/compile and nearly never gets security
>> patches.
>>
>>
>> Sorry, but that's the truth of it and the reason I no longer use FreeBSD
>> or the Ports tree, instead using a derivative of each which is a lot
>> more stable and patched against security issues within hours of them
>> being identified.
>
> This has not been our experience here, we’ve run our own ports tree from
> HEAD for many years and while we’ve had some internal patches that need
> fixing on update, that’s always been down to us not keeping them up to date
> with changes.

We were using HEAD, not a local copy that we could put patches in (that 
was the issue - we'd submit patches up and find them not applied for 
months in some cases.)
>
> Sure we could have got lucky but it does mean that such a blanket statement
> is not valid for everyone’s use case.

I think you'll find using HEAD (as in the raw HEAD) not just a local 
copy with local patches it probably does ring true a lot - that said, 
didn't really bite me badly until the decision to force user changes by 
breaking the existing system (for me that was pkg_* -> pkgng) for 
others.. well they can say if they dare to chip in.

>
> I’m not sure if it’s possible but if you’re already allocating resources to
> help handle security patches could that not be something that the wider
> user base could benefit from via helping the secteam, if it’s turnaround
> time on security patches you’re highlighting as an issue here?
>

Not working on FreeBSD now, the team deals with all in house OSes, 
FreeBSD is not deployed here anymore except on legacy machines that are 
being replaced (and I'm surprised there are any left now.)

Michelle


