# Packages and security issues



## germanopratin (May 14, 2012)

I really would like to switch to FreeBSD, but there's one issue that has been bugging me for ages, and has always made me fall back to good old Slackware:

Whenever I install xorg and a desktop environment (gnome/kde/xfce) with *pkg_add -r*, *portaudit* tells me that xorg and gnome have tainted my system with 10-12 packages having security problems. This has *always* been the case, starting from FreeBSD 8.0 up to the recent 9.0. 

This is something I just don't get with FreeBSD: why do they provide packages in the official repo that have known security problems?

Since I never managed to build e.g. gnome from the ports collection, I would like to know:

Is it a serious security concern - having portaudit say that e.g. xorg has exploitable packages?
How do others handle that issue?
Is there a way to deal with *pkg_add -r xorg gnome* - and avoid security problems? Or does the only solution lie with a *make install clean* approach?

I would be very grateful for serious help!


----------



## SirDice (May 14, 2012)

Set your PACKAGESITE to a -stable package tree. The -release packages are created when the release is made and are NEVER updated.


----------



## germanopratin (May 14, 2012)

Thank you very much for that quick reply! Obviously, I misunderstood what -STABLE means, thinking it only comprises kernel and userland. Great! I hope that will do it.


----------



## SirDice (May 14, 2012)

There's a difference between a -STABLE base and -stable packages. They have nothing to do with each other.


----------



## kpa (May 14, 2012)

The -stable packages are compiled on a machine running the -STABLE version of FreeBSD; that's what the name of the directory refers to. Compiling the packages on -STABLE also serves as a test for ABI stability (which is what STABLE really means in this context) so that the changes to -STABLE haven't broken the binary compatibility with the earlier -RELEASE versions in the same major version line.


----------

