[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: BSD handbook - was Re: debiantutorials.org seeks input and new blood

On Sat, May 2, 2009 at 9:30 AM, Douglas A. Tutty <dtutty@vianet.ca> wrote:
> On Sat, May 02, 2009 at 06:27:44AM -0500, Neal Hogan wrote:
>> FYI - While many of the fBSD folks will tout there ports/package
>> system, I found it to be a pain (especially the upgrade), as did many
>> others. There has recently been some chatter on their general mailing
>> list to overhaul how they handle packages. Again, I found oBSD's
>> package handling system to be superior.
> Last I looked (last week), OBSD doesn't have security updates (patches)
> for their packages; they only provide patches for the base release.  If
> you want to run -current, then the packages get security patches.  Since
> I'm on dialup, that would mean a lot of bandwidth time; basically, every
> time firefox or some third-party app required a security fix, I'd have
> to download the source for _everything_ and recompile _everything_.

I don't want to labor this point here, but just one more thing. If you
are going to follow current, the recommended way to go about it is to
do binary upgrades of the kernel (i.e, snapshots). You don't have to
compile src every time. The same goes for packages, binary snapshots
of which are updated every few months or so (probably not that often).


> I wish I had time to work out a system that would run on base OpenBSD
> yet compile debs with OpenBSD's souped-up compiler.  Then one would have
> the security of OpenBSD with good package security (Debian's security
> team with OpenBSD's compiler, with good responsivness).
> All the BSD's have a system to audit your installed packages for ones
> listed in a database as being insecure but the follow-on of patches to
> fix them is missing.
> Doug.
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

www.nealhogan.net          www.lambdaserver.com

Reply to: