The latest version of the FreeBSD package manager (pkg) does a lot of extra work in determining dependencies, so much so that it's really prolonging our package builds. 21 days into the 14-STABLE package build, we still have over 9,000 packages to build (out of 36,000+). It's likely that this package build will NOT complete within this month cycle.
We (HardenedBSD) may need to scale back our monthly installation/updater builds to quarterly because of just how much the new package manager prolongs building packages.
The problem then becomes, what do we do when there's a FreeBSD Security Advisory? We may have to adopt a more formal approach to handling security advisories for the base OS. That would be a good thing to have overall, but hasn't really been needed until now-ish.
Our exploit mitigations and security hardening techniques generally mitigate a large portion of security advisories, so waiting for the next monthly build has been an acceptable compromise. That changes if we go to quarterly builds.
Does the community have any thoughts regarding a slower cadence, going from monthly to quarterly?