On 1/14/2013 1:07 PM, n j wrote:
Hi,
One of my primary concerns when managing a system is its security. In the
interest of security, I usually hold to that "patch early, patch often".
Ports are kept well up-to-date and with portmaster it is not a problem to
keep updating the ports. However, as Ivan [1] pointed out on his blog on
pkgng:
"Having source-based ports is all fine and well but all that time compiling
ports is subtracted from the time the server(s) would perform some actually
useful work. After all, servers exist to do some work, not to be waited on
while compiling. The same goes for me: I don't want to wait for ports
anymore."
I don't want to wait for compilation too, especially on large ports and
weak hardware, and do it often to stay on top of security vulnerabilities.
For that reason I look forward to binary packages.
So, my question regarding pkgng is not really about the tool itself, but
rather what will be provided via official repositories. One of the problems
with the old pkg_* tools was that packages for a lot of software didn't
exist and for those that did exist they weren't updated when
vulnerabilities were discovered and patched upstream (and in ports). Is
this going to improve with pkgng repositories, will there be a, say,
-SECURITY repository that will build the new version of packages at least
as often as security vulnerabilities are fixed in ports?
[1] http://ivoras.net/blog/tree/2012-08-31.using-pkgng-in-real-life.html
Regards,
Hi Nino,
I thing that it's good to wait for ports to compile and to be able to
chose your configure options for the packages you install. It's good to
know what options you need and what options you don't and why, that's
one of the reasons why i'm using FreeBSD. I feel that the goal for pkgng
is that you can install your locally built binary packages in a
tinderbox on all your infrastructure so you don't have to compile every
port on every server. IIRC it was considered too cumbersome to compile
all the ports tree for all the architectures supported and provide the
so called official binary repositories.
Regards,
Andrei
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
