2025-09-27, D2
The FreeBSD Ports Collection has long been one of the project’s most defining features — a gateway to thousands of third-party applications across use cases and architectures. But as the ecosystem has grown past 30,000 ports, core questions of sustainability, security, and stewardship have become increasingly urgent.
This talk presents a critical but constructive examination of the state of the Ports tree today: legacy components like Python 2.7 and GTK2 lingering far past end-of-life; security-sensitive libraries such as libxml2 frozen due to dependency sprawl; and a governance model struggling to adapt to modern software lifecycle realities. Examples will include cases where well-intentioned cleanup or modernization efforts have been blocked by inertia, policy gaps, or lack of strategic direction.
Rather than focus on blame, this session invites forward-looking dialogue. How should a curated operating system balance flexibility with trust? How can FreeBSD better align with evolving supply chain expectations — from reproducible builds to SBOMs? What tradeoffs must be made when quality, not quantity, becomes the primary metric of success?
While the views presented are personal, they reflect years of active involvement in the Ports infrastructure, including past membership on portmgr@. The session will aim to leave ample space for community discussion and propose specific paths toward a more sustainable, auditable, and maintainable future for the Ports Collection.
Moin is a FreeBSD infrastructure developer working with the FreeBSD Foundation. His focus areas include CI/CD pipelines, reproducible builds, secure artifact delivery, release engineering, and cluster administration. With a strong operational background, he helps maintain critical infrastructure that supports FreeBSD’s development, testing, and release processes.
He has been deeply involved in packaging and ecosystem health within the FreeBSD project, especially the Ports Collection, advocating for higher standards in quality, lifecycle management, and risk awareness. His contributions span both code and community discussions, particularly around supply chain security, port deprecation policy, and the need for modern auditability in a rapidly evolving threat landscape.
Through both hands-on maintenance and policy-level insight, he continues to push for a Ports Collection that balances flexibility with responsibility and meets the needs of today’s security-conscious users.