On Mon, 11 Dec 2017 19:36:49 +0100 "Kurt Jaeger" <[email protected]> said
Hi!

> if the majority of people install their systems via packages, that makes for
> a fairly common FreeBSD base across all users.

Why would a system installed via packages be more homogenous than one installed as base, and updated via freebsd-update? I don't understand this -- can you elaborate?

OK. I'll try. I'm afraid I sort of went on a Jag, and didn't really make a good point -- if *any* point. Sorry.

But to the point, and sorry for the (additional) deviation; if I have a user base that shares a near identical install, I am far closer to finding/having a pattern I can work with to *exploit*, as an evil hacker. So here's the thing; working from the history of Linux, and for that matter, even MS products... someone discovers an exploit in FreeBSD, or some component common to FreeBSD. I can take down a *much* greater number of users, now that the (larger) portion of FreeBSD's user base share such a common install base -- applications(ports)/kernel et al; are pretty much all the same for *everyone* because of the introduction of pkg(8).

Yes. But what's the difference if they made everything from ports(7)?

IMHO, and experience, users confronted with options during build time, are *more* likely to actually *choose* options that better suit their use/needs. But using packages is easier, and so if in the end everything just *works*, there's little incentive to use that scary "make" thing, and have to learn all those intimidating things associated with the ports system.

Well, FLAVORS should solve all that. Wouldn't it?

That *does* seem like a strong argument, and while I applaud all the efforts, and those that are responsible for those efforts, the jury is still out. FLAVORS has yet to *fully* arrive. So it's just too early to say for sure. But I would agree that it *should*.

When I look back at all the security threats that Linux had to deal with (even now), and how the ultimate argument was so often; use *BSD, it's a much more secure OS by design. Which was true. Linux was/is always installed in packages, or by whatever moniker they use for them. With that, and their choice of kernel arrangement, they were left as easier targets than the BSD family of operating systems. Now looking at the increasingly narrowing of differences between the two, I can't help but think that the threat vector gap is *also* narrowing.

> In closing, and more to the point regarding Sendmail; Sendmail has a nearly
> impeccable security record in at the last decade. It provides a *secure*,
> more powerful, and more flexible MX on the cheap. I see little reason to
> consider it an attack vector. Which makes *security*, and its related
> maintenance a pretty poor argument, for its removal.

The argument is: The update process for base is more complex than for packages, and we've come a long way to have a very nice pkg-system, in general. The mid-term plan is thus to package base, too. Packaging base means sensible packages have to be defined, and sendmail suits a package very well.

Indeed it *does*, and *should* be a package installed *along* with $BASE. That's my only argument there. :-)

Thanks for your thoughtful reply, Kurt!

--Chris

-- [email protected] +49 171 3101372 3 years to go !
_______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[email protected]"
