On Mon, 11 Dec 2017 11:10:32 +0000 "Matt Smith" <matt.x...@gmail.com> said
> On Dec 10 14:58, Chris H wrote:
>> OK I'm puzzled a bit. FreeBSD's motto has always been:
>> The power to serve!
>> but many of the proposed, and recent changes/removals end up more like:
>> I's castrated!
>
> The problem with software in the base is that it is *much* more
> difficult to update to add new features or patch security issues. With a
> port the software will be updated relatively quickly. And users can get
> the benefits of that with a quick pkg upgrade. They might not update
> their O/S for 6-12 months.
>
> In my opinion any software which is accessible to the internet should be
> patched and upgraded ASAP. It's for this reason that I've always
> disabled things like OpenSSH/OpenSSL/ntpd etc in the base and used port
> versions instead.

I applaud that attitude. I couldn't agree more. For that same reason, I
(not unlike you) have always excluded software that history has proven
to pose security risks ( WITHOUT_BIND=true ) for example. The same can also
*easily* be said of OpenSSL.
However, the same argument can't be made for Sendmail. Further, if I take
your argument to its logical end, I am left with only the kernel? At what
point is enough, enough? Is the new pkg(8) system simply an attempt to make
FreeBSD the new Debian? Where everything is installed via (a) pkg? I *dearly*
hope not. The thought makes me shudder. Not that I hate Debian/Linux. Just
that I *prefer* FreeBSD, or at least a *BSD. Taking that thought a bit further;
if the majority of people install their systems via packages, that makes for
a fairly common FreeBSD base across all users. Speaking (again) of security;
doesn't this lower the bar for entry for hacking the FreeBSD (user) base?
IOW if the majority installs their systems via packages, their systems will
all be *quite* similar. If I, an evil hacker, *know* of an entry point/flaw/...
Then I can take down a *much* larger portion of FreeBSD users, than was
usually available to me. *This* point alone, seems the biggest argument
*against* "packaging everything". IOW because it's easier, does *not* make
it better. In the big scheme of things, it really makes it *lazier*. Or at
least makes it easier to be so. One *could* argue that it *encourages* it.
But I'm only speaking from decades of support/IT work. I *know* it's true,
and I'm *not* suggesting that FreeBSD is *advocating it*. Only that (my)
history, and experience proves that it is largely human nature to take the
least line of resistance. Which in this case says history will show that the
addition of a packaged system will raise the number of people vulnerable to
In closing, and more to the point regarding Sendmail; Sendmail has a nearly
impeccable security record in at the last decade. It provides a *secure*,
more powerful, and more flexible MX on the cheap. I see little reason to
consider it an attack vector. Which makes *security*, and its related
maintenance a pretty poor argument, for its removal.