Re: BSD handbook - was Re: debiantutorials.org seeks input and new blood
On Sat, May 02, 2009 at 06:27:44AM -0500, Neal Hogan wrote:
> FYI - While many of the fBSD folks will tout there ports/package
> system, I found it to be a pain (especially the upgrade), as did many
> others. There has recently been some chatter on their general mailing
> list to overhaul how they handle packages. Again, I found oBSD's
> package handling system to be superior.
Last I looked (last week), OBSD doesn't have security updates (patches)
for their packages; they only provide patches for the base release. If
you want to run -current, then the packages get security patches. Since
I'm on dialup, that would mean a lot of bandwidth time; basically, every
time firefox or some third-party app required a security fix, I'd have
to download the source for _everything_ and recompile _everything_.
I wish I had time to work out a system that would run on base OpenBSD
yet compile debs with OpenBSD's souped-up compiler. Then one would have
the security of OpenBSD with good package security (Debian's security
team with OpenBSD's compiler, with good responsivness).
All the BSD's have a system to audit your installed packages for ones
listed in a database as being insecure but the follow-on of patches to
fix them is missing.