Are some packages safer to compile from source?

2011-11-11 Thread James Hozier
I was just grabbing Tor from the amd64 packages on the ftp server
(ftp://ftp.OpenBSD.org/pub/OpenBSD/) and the version of Tor is 0.2.1.30.
The current version is 2.2.34, which recently had a very important
security update pertaining to anonymity.

In cases like these, would grabbing software by source from their main
website and compiling it manually be the safest way to obtain programs?



Re: Are some packages safer to compile from source?

2011-11-11 Thread Pascal Stumpf
On Fri, 11 Nov 2011 08:02:59 -0800 (PST), James Hozier wrote:
> I was just grabbing Tor from the amd64 packages on the ftp server
> (ftp://ftp.OpenBSD.org/pub/OpenBSD/) and the version of Tor is 0.2.1.30.
> The current version is 2.2.34, which recently had a very important
> security update pertaining to anonymity.
>
> In cases like these, would grabbing software by source from their main
> website and compiling it manually be the safest way to obtain programs?

No.  tor-2.2.34 has been MFCed to -stable, so it's easiest to compile
from a -stable ports tree.



Re: Are some packages safer to compile from source?

2011-11-11 Thread James Hozier
> From: Pascal Stumpf pascal.stu...@cubes.de
> Subject: Re: Are some packages safer to compile from source?
> To: James Hozier guitars...@yahoo.com
> Cc: misc@openbsd.org
> Date: Friday, November 11, 2011, 4:40 PM
>
> On Fri, 11 Nov 2011 08:02:59 -0800 (PST), James Hozier wrote:
> > I was just grabbing Tor from the amd64 packages on the ftp server
> > (ftp://ftp.OpenBSD.org/pub/OpenBSD/) and the version of Tor is 0.2.1.30.
> > The current version is 2.2.34, which recently had a very important
> > security update pertaining to anonymity.
> >
> > In cases like these, would grabbing software by source from their main
> > website and compiling it manually be the safest way to obtain programs?
>
> No.  tor-2.2.34 has been MFCed to -stable, so it's easiest to compile
> from a -stable ports tree.



Ah, I thought I read somewhere in the FAQ that it was suggested for all
users to use packages to save time+bandwidth so I have actually never
used Ports before.

Thank you