Mike Tancsa wrote:
> At 10:13 AM 12/10/2005, Ivan Voras wrote:
>> My idea is that there could maybe be some "core" ports, about 1500 or so,
>
> This sounds like a recipe for confusion. Some users have problems
> distinguishing between what's in the base, and what's out of the ports.
> Another type of "pseudo base app" would just add to the confusion. User

I agree that "core ports" is a very confusing name... maybe something
like "ports with extended security support" :)

> / admins need to take *some* responsibility for what is installed on
> their system. Many ports are not very well maintained in the first
> place and to say that the security team should be responsible for
> another 1500 applications is not realistic.

No, not the FreeBSD security team - I mentioned them only as a reference
for "how long does it make sense to support a release". All ports that
would get the extended support will HAVE to be supported by their
respective maintainers/authors. Any port whose maintainer doesn't want
to do it this way will automatically get kicked off the list.

The reason why I think this would work is that I think that many
widely-used applications (e.g.: apache, php, mysql, postgresql, perl,
postfix) are well maintained by their authors and there would certainly
be an audience among the maintainers themselves for such a thing.

To summarize:
- each release would tag the ports tree with RELENG_x_y
- on that tag, certain ports would be supported security-wise by their
maintainers for as long as RELENG_x_y itself is supported by the
security team, being careful to leave the same version of the port (or
one that's 100% backward compatible).
- other ports would not be supported/maintained, and will just be
"frozen in time" by the CVS tag.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"