OpenBSD Security Functionally paranoid! |
Question about security fixes of ports compared to debian packages
Hi! I have a doubt lately because I noticed that the mailing list I am subscribed to about Debian security has a lot of packages with security fixes for all Debian branches. Also, if I run "apt update && apt upgrade" in Debian stable, I can see those same packages updated, with the security fixes I previously got the email about from the mailing list.
The thing is that in the mailing lists I am subscribed to for OpenBSD (ports, ports-changed, etc.) I don't see any security fixes for the -stable nor for the -current branches (I know the stable branch only gets security fixes via source code from CVS), but it didn't get the same security patches as Debian has... For example, this one for Firefox: https://www.debian.org/security/2017/dsa-4035, and the OpenBSD ports page http://openports.se/www/firefox-esr shows the same version, but I think it is for the -current branch only. If I'm running -stable, I need to get the update from source code via CVS or via mtier, but mtier also didn't show any security fix for Firefox: https://stable.mtier.org/updates?release=62. So I'm confused and wanted to understand better the difference in security patches for OpenBSD compared, for example, with Debian. Is it because the project has less manpower to have the same security fixes in stable, or maybe because the security fixes aren't needed in the first place due to not being harmful for a default OpenBSD install, or why are these differences? Thank you so much!
|
|||
Wow, so funny: as I sent the post, an email from the mtier subscription showed that a lot of new stable packages were added to the mtier security fixes. Some were in the Debian mailing list a couple of days before; others aren't there, like the Firefox one I mentioned in the first post.
I think maybe it's a manpower thing that OpenBSD has the security fixes in stable a couple of days behind Debian, for example... but I also wish to get notified of the changes in CVS, for example, so I can compile my own packages when the fix is available in the ports tree.
|
||||
Quote:
OpenBSD is considerably more secure, thus less need for constant updates and patches; this is one reason, of many, I stopped using Debian ... but that would be another topic.
__________________
My best friends are parrots |
|
|||
Thank you, everyone! My only interest is to learn how the system I fell in love with works, nothing more than that. For that, I read the FAQ and the Absolute OpenBSD ebook with passion, but a couple of doubts still appear from time to time, things that are obvious to some but interesting to people who come from other operating systems. So I am in no way comparing the two to imply that OpenBSD should behave the same, or that I expected it to behave like Linux in any way. That different way of working and the simplicity are part of what made me fall in love with OpenBSD as well.
So, as I understand it, it would be best to compare the ports and base security fixes not against the Debian packages that I receive daily, but against the original CVE feed instead, maybe https://nvd.nist.gov/download/nvd-rss-analyzed.xml, and, as explained before, to notify the port maintainer or try patching and pass it to the ports mailing list. So is there no way I could get only the list of security fixes to the ports and base system without checking the mtier release builds? I mean a list or RSS, or somewhere I could check only the security fixes applied to the ports source tree for the -stable branch instead of the -current one? Maybe not a list, RSS or page, but any other method would be good; maybe the updated code of the ports CVS (pointing to the -stable ports branch) on my local machine could tell me about those security fixes, so I could compile those ports on my system?
|
||||
The OpenBSD ports tree is maintained via CVS. Options:
[1] The Changelog update is currently broken at this time; it stopped on 16-Nov-2017. I only know this because the problem was reported to the bugs@ mailing list.
|
||||
I find that OpenBSD-current behaves in a very similar fashion to Debian unstable (at least in respect of third-party security coverage) — both systems draw their security fixes directly from upstream so they just need to be updated regularly to stay "safe".
__________________
Are you infected with Wetiko? |