I have been using FreeBSD on a testing machine for a while, and have noticed that some server-related ports get updated with a long delay on FreeBSD.
One example is php5. Ports currently has version 5.4.7, since October 4, but it was released September 13, nearly a month before.
ruby19 is another example. The current version in ports is 1.9.3-p194 and the last release was 1.9.3-p286, which in fact had some security fixes. http://www.ruby-lang.org/en/news/2012/10/12/ruby-1-9-3-p286-is-released/
Also, since the last commit in files (CVSWeb) looks at least 5 months old, I assume the fix wasn't backported either.
These 2 are only examples, but I have seen this delay in other server-related ports, like MySQL, which had a corruption error recently, and that port update also came kind of late.
My concern is that, in my opinion, a system is as secure as the software it runs, and sometimes failing for as long as a month in a port that provides a service (database, web, scripting languages) may compromise a system. FreeBSD is an excellent OS, and kudos to the developers and thanks for your hard work, but again, server-related ports should get a little more love.