View Single Post
  #8   (View Single Post)  
Old 29th July 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

While this problem may have been an operational error and the output may have confused you, this give me an opportunity to insert some well-meaning, related advice about third party information and third party software.

Information

Information about using OpenBSD you find on the Internet -- "how to" documents, blogs, and forums like this one -- are unofficial, and may contain information that is out-of-date, misleading, incomplete ... or wrong.

You can learn from third party sources, but please remember that they may not be correct. If you have questions about the information you find outside of the Project, in-the-wild, the authors should be contacted directly.

That includes here; this is an unofficial community of users who just try to help each other.

Software

The Ports/Packages system described in FAQ 15 is for third party software designed to be installed on OpenBSD. While the applications are not audited for security issues, the package creation steps allow each port to be tested to ensure security policies are adhered to during package creation, which includes a test installation.

The Ports/Package infrastructure ensures that installation/deinstallation of packages proceed correctly, and that dependency chains are integrated.

It is possible to find and use uncommitted ports -- there are many such posted to the ports@ mailing list and many can be found on development portals like github.com. But as they are ports designed for OpenBSD these can be tested for security policy issues during package creation. Installation and deinstallation of files can be properly managed. Dependencies can be properly tracked.

Software you find in-the-wild, and that does not have an OpenBSD port written for it -- cannot participate in the Ports/Packages system. This is any software that is not installed by pkg_add(1) and removed by pkg_delete(1). Such software does not have the protections of installation and dependency management nor does it have any test against security policy violation during the build and fake installation step that package builds have.

Last edited by jggimi; 29th July 2015 at 09:35 PM. Reason: clarified last paragraph. I can never just post and leave alone.
Reply With Quote