I'm sure this has been asked and answered in other threads, but I'm still unsure of what is best for my scenario. I manage multiple FreeBSD servers and security is a big concern. Recently we started migrating servers from our own Poudriere server and to the default repo. After running a few of our servers on the quarterly repo we are seeing packages with vulnerabilities that are not getting security fixes backported (postgresql10-server, openjpeg) and other ports where security fixes took a long time coming (curl). I'm sure I could create a PR for these ports and possibly speed up the process, but I'm asking myself whether I'm better off on latest and dealing with breakages, rather than waiting for security fixes and working around them not coming?
I'm interested to hear what you are doing and why.
I'm interested to hear what you are doing and why.