Jason Fesler wrote:
Not to rant, but you are actually missing out on the (probably) greatest advantages of using a FreeBSD powered server. I am shivering when I think about apt/spm/rpm/yum.
When it comes to packaging systems, I hate'em all. :-) But, of the ones I've spent time with, I prefer apt. (Specfically, building/maintaining my own apt's, fitting my business needs, not using pre-built ones...).
I much prefer FreeBSD's ports and packages system to anything else. You can make your own custom packages if you want, from the ports system, exactly as you need and then install them wherever you want. We don't use packages though, we keep a local cvsup mirror and compile everything from source on each system. We don't have so many that it's a problem to compile on each system.
I'm especially particular to applications that expose anything to the outside world (and their dependencies). These, I always prefer to install by hand, and maintain a /usr/local/src (freebsd) or apt packages (linux). This way, when vulnerabilities come out, I can address them faster than the maintainers can (or at least, I'm not gated oin them). And, files go where *I* want them to go, instead of playing hunt-the-wumpus wondering where a given port put stuff.
You are right that you're locked into depending on the port maintainer(s) to update, but at least for us it has yet to be an issue. Personally, I can only think of one instance where the ports system was behind for any significant portion of time when there was a security issue, and that was during the ports freeze for the xorg 7.2 switchover. That was a highly unusual case, though. (The security issue was with PHP, actually...)
Handy tools like portaudit (/usr/ports/ports-mgmt/portaudit) also help, checking nightly for security vulnerabilities and letting you know when there is a problem.
One of the many good things about FreeBSD is that it tends to force people and packages to adhere to the layout specified in hier(7). While that may mean different default locations than the package itself wants, it is very consistent, with only a handful of ports that are very out of place (qmail and HylaFAX come to mind, but they are very vocal about where things go.) Everything is in /usr/local so your base system doesn't get spammed by random packages and software installs. I find it much easier to find things on a FreeBSD system, but of course YMMV...
This is especially true now that with xorg 7.2 they merged the entire xorg system into /usr/local and did away with /usr/X11R6 entirely -- it's now a symlink to /usr/local.
All a matter of preference. :-)
Very true indeed. I have no idea how I'd maintain even as many severs as we have without something like the ports system keeping track of installed software and software versions... That's one of the downfalls when there is a lack of manpower: forced reliance on automation.
And now back to your regularly scheduled RoundCube dev list...
Jim
P.S. Fun tidbit: You can get a list of installed ports/packages via SNMP, if you have net-snmp installed and running, snmpwalk down OID .1.3.6.1.2.1.25.6.3.1.2 :) This supposedly works on lots of platforms, but usually only with software installed via the package management system of choice, so again, YMMV.
List info: http://lists.roundcube.net/dev/