Some days ago solar asked about security on Gentoo/FreeBSD project. I liked the fact that he asked, because that means that Gentoo/FreeBSD project is no more considered just a toy 🙂
About that I think it’s worth telling what’s going on about this. We should start saying that the only release of FreeBSD we’re looking forward now is FreeBSD 5.4, so G/FBSD 5.4, too. This means that who installed with the old instructions using 5.3 is not covered by any kind of support since now on. We already released an experimental stage (no it’s not going to work out of the box, join #gentoo-bsd on FreeNode to know how to use it), and that’s going to be the first full release of Gentoo/FreeBSD when it will be ok.
About security, I’m monitoring all the FreeBSD’s security advisories since 5.4-RELEASE, quite all the advisories were against libraries built in freebsd-* packages for pure FreeBSD systems but built from portage on G/FBSD, so it’s normal security team who takes care of them, For the rest of the SA, there was a few related to FreeBSD’s kernel, and they are applied in sys-kernel/freebsd-sources-5.4-r2 (and -r1 for the first load of them).
So what’s going on? Well for now as the project doesn’t have a public stable release we can manage security in normal ways, when the project will be stable and merged in portage, maybe we could enroll someone to have contact with FreeBSD’s security team, or we’ll just continue following SA’s releasing new versions of our packages.
By the way.. GLSA needs a new name after our release 🙂 GSA doesn’t seem to have the same “appeal” so maybe we can call it Gentoo Land Security Advisories ? 😀
