Ok so freebsd itself is regurly maintained and updated however I am concerned about how various internet facing apps in the port tree are often out of date for a period of time in a vulnerable state.
We still have php on a vulnerable version with it seems noone too bothered (is everyone just running freebsd on the desktop now days?). We also now have apache in a vulnerable state, in the past I have seen various other apps take a while for updates to be commited, and of course around every 6 months and sometimes even less the ports tree gets frozen for many weeks.
Right now there is 5 security CVE against apache22 and I have been told due to port slush and to do with devel/apr I will likely be waiting until end of march to mid april for an update.
I submitted the information so portaudit would list 2.2.14 of apache22 as vulnerable but have not even had a auto response after many days.
Is freebsd no longer a security aware operating system? the ports tree is part of freebsd and its wrong to let it rot.
It seems to upgrade php to the new version I had to edit a total of 7 lines, and the port still awaits this change.
We still have php on a vulnerable version with it seems noone too bothered (is everyone just running freebsd on the desktop now days?). We also now have apache in a vulnerable state, in the past I have seen various other apps take a while for updates to be commited, and of course around every 6 months and sometimes even less the ports tree gets frozen for many weeks.
Right now there is 5 security CVE against apache22 and I have been told due to port slush and to do with devel/apr I will likely be waiting until end of march to mid april for an update.
I submitted the information so portaudit would list 2.2.14 of apache22 as vulnerable but have not even had a auto response after many days.
Is freebsd no longer a security aware operating system? the ports tree is part of freebsd and its wrong to let it rot.
It seems to upgrade php to the new version I had to edit a total of 7 lines, and the port still awaits this change.