# Package/Ports & EOL/Updates



## zader (Oct 29, 2021)

HI All,

I had a look through most of the development hand books, but wanted to clarify a few things that I either missed, didn’t see or may have been left out of the documentation.

this kind of pain point stems from unpopular dealings with linux that have caused issues in the past .. I can't say this wont happen with freebsd but ideally Id like to find something to present.

Se lets address the issues.

dead/out-of-date or unmaintained packages

#1 - the dev team starts creating an application under linux .. one dev picks some libs, packages and other supporting 3rd party applications they are familiar with .. said team builds a package repo, adds all the 3rd party urls/codebases and "everything is awesome" . original developer sees something shiny and quits .. the rest of the dev team never notices that one of the 3rd party links is dead/no longer updating. (idk the 3rd party dev got board, or what ever) .. a few years go by and then .. boom .. the main application breaks because this old application is no longer supported / broken.. Dev team is now stuck trying to re-write, mangle or rehash their code to work around the problem. causing all sorts of issues..

Q:
? - if a committer stops updating code, how does the council determine when their code will be EOL'ed
? - how are consumers of that package notified or expected to know when a package they use will no longer be maintained or apart of the base
? - I "assume" all packages are rebuilt for each major release and checked for dependencies? is this correct?
? - What level of code review is done by the council? for example, some bsd teams will go through it literally line by line and if it sucks its rejected.
? - if there is a major issue with a package and a hot fix is applied, but the base version in stable/release is still on the older version. how do you deal with that? ie do you download it from current and compile for source? or is that included in the security patches etc.


#2 - if your application only relies on adding scripts, config and supporting components for 3rd party applications..
? - is it better to just package / mantiain your own code. ie use normal updates and pull down your repos from git via a configuration manager.. or
should you still go with your own complete repo and push from that?
? - as abouve if your required to mix binaries and compile the odd packag from source, how do you get around that? or is that even a problem in the first place?

thanks for your time, sorry if they seem trivial.. or I missed something obious in the documentaion.


----------



## a6h (Oct 29, 2021)

* Three months unresolved problems could lead to reset a maintainership by The Ports Management Team (portmgr)








						Contributing to FreeBSD
					

How to contribute to the FreeBSD Project




					docs.freebsd.org
				




* Unmaintained ports have their MAINTAINER set to ports@FreeBSD.org








						Contributing to FreeBSD
					

How to contribute to the FreeBSD Project




					docs.freebsd.org
				




*After 18 months of inactivity, commit privileges are eligible to be revoked.








						A project model for the FreeBSD Project
					

A formal study of the organization of the FreeBSD project




					docs.freebsd.org
				




* Find unmaintained ports:
`pkg query -e %m=ports@FreeBSD.org %o`
OR
track them down on the https://www.freshports.org/

* Audit installed packages against known vulnerabilities:
`pkg audit -F`

* Security patches:
Security patches will apply to the stable and release.

* Code review:
I don't know, probably none. Even OpenBSD (they audit base) doesn't audit ports.

* Package/maintain your own code:
Sometime yes, e.g. patching the Suckless ports, your projects, etc.

* Mixing packages and ports:
It depends. Generally it's a bad idea, unless you keep track of them carefully to prevent dependency issues.


----------



## grahamperrin@ (Oct 30, 2021)

Installation and Maintenance of Ports or Packages
					

Installing and maintaining the FreeBSD Ports Collection or FreeBSD Packages (i.e. third party software).




					forums.freebsd.org


----------



## zader (Oct 30, 2021)

thanks! thats a great start


----------



## grahamperrin@ (Oct 30, 2021)

<https://pkg-status.freebsd.org/builds?type=exp> is for experimental runs.

<https://bugs.freebsd.org/bugzilla/b..._desc=[exp-run]&short_desc_type=casesubstring>



SirDice said:


> … A quarterly branch is made from the latest ports tree (in whatever that state that may be at that time). For the duration of the quarter it only receives security and stability updates. The versions of applications within that quarterly branch is kept 'stable' i.e. not a lot of changes, the word 'stable' has nothing to do with its general fitness to run.





zader said:


> … I "assume" all packages are rebuilt for each major release and checked for dependencies? …



Not just major. 

At <https://pkg-status.freebsd.org/builds?type=package> you can, for example, seek:

_main_ (eight entries)
_main-amd64_ (one)
_130_ (sixteen)
_130amd64_ (two)
– and so on, and within each entry/listing there are links to further information.

<http://beefy16.nyi.freebsd.org/jail.html?mastername=130amd64-default> ▶ _Latest Build_ (the highlighted listing), and so on.

From <https://lists.freebsd.org/>, six lists to be aware of:






If you lurk in #freebsd-bugs you'll gain a sense of how things progress:





zader said:


> … how are consumers of that package notified or expected to know when a package they use will no longer be maintained or a part of the base …



NB: 

the distinction between ports and the base operating system
_freebsd-pkgbase_ above; <https://forums.freebsd.org/threads/pkgbase.79917/>

FreshPorts can provide updates. For example, at <https://www.freshports.org/watch.php>:





zader said:


> 𡀦… I had a look through most of the development hand books, …



For the benefit of other readers:



grahamperrin said:


> install misc/freebsd-doc-en to get:
> 
> /usr/local/share/doc/freebsd/en/books/porters-handbook/book.pdf
> /usr/local/share/doc/freebsd/en/books/porters-handbook/book.html
> – <https://docs.freebsd.org/en/books/porters-handbook/book/book.pdf> is 404; and a local installation of the single-page HTML book will load faster than <https://docs.freebsd.org/en/books/porters-handbook/book/>.


----------

