# how much is the time it takes to be patched one vulnerability in FreeBSD



## idexbsd (Dec 29, 2011)

Hello, I want someone to answer the following questions:

I want to implement a web server and assume that someone discovers a vulnerability in Apache and then exit the patch for this ... how much is the time it takes to be patched for freebsd FreeBSD?

There is a company that provides support for FreeBSD security vulnerabilities?

Someone knows if compared with RedHat .. how long it takes to be patched a vulnerability?

Thanks


----------



## SirDice (Dec 29, 2011)

It depends on how fast Apache brings out a patch and how fast the new version is ported. Once the upstream patch is available it usually doesn't take that long for it to appear in the ports tree.


----------



## idexbsd (Dec 29, 2011)

Could you explain what means "how fast the new version is ported"

thanks


----------



## SirDice (Dec 29, 2011)

Third-party applications are "ported" to FreeBSD. That means they'll show up in the ports tree. A port maintainer is responsible for it. The maintainer can only do his/her job if there are patches available upstream (Apache for example). Porting takes some time but with minor changes like security patches the porting itself is usually quite simple and fast to do.


----------



## aragon (Dec 30, 2011)

However, the ports system is, relative to other package installation systems, very accessible and well documented.  In many cases it's trivial for a system administrator to make customisations to a port.


----------



## SirDice (Dec 30, 2011)

aragon said:
			
		

> In many cases it's trivial for a system administrator to make customisations to a port.


Indeed it is. I've done so many times in the past. It's usually just a matter of changing the version numbers in the Makefile, running a *makesum* and building the 'updated' port.


----------

