惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
L
LangChain Blog
Jina AI
Jina AI
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
S
Secure Thoughts
T
The Exploit Database - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 聂微东
小众软件
小众软件
Apple Machine Learning Research
Apple Machine Learning Research
C
Cyber Attacks, Cyber Crime and Cyber Security
Project Zero
Project Zero
T
Threat Research - Cisco Blogs
量子位
G
GRAHAM CLULEY
腾讯CDC
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
CERT Recently Published Vulnerability Notes
The Hacker News
The Hacker News
C
Cisco Blogs
Scott Helme
Scott Helme
Spread Privacy
Spread Privacy
宝玉的分享
宝玉的分享
V
V2EX
博客园 - 三生石上(FineUI控件)
T
Tor Project blog
P
Proofpoint News Feed
雷峰网
雷峰网
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
Vulnerabilities – Threatpost
PCI Perspectives
PCI Perspectives
博客园_首页
L
LINUX DO - 最新话题
IT之家
IT之家
有赞技术团队
有赞技术团队
博客园 - Franky
Hacker News: Ask HN
Hacker News: Ask HN
Last Week in AI
Last Week in AI
The Cloudflare Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
美团技术团队
博客园 - 【当耐特】
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Security Archives - TechRepublic
Security Archives - TechRepublic
L
LINUX DO - 热门话题
AWS News Blog
AWS News Blog
S
Security Affairs
T
Tailwind CSS Blog

FreeBSD Foundation

Understanding the Foundation Board’s Role in the FreeBSD Ecosystem | FreeBSD Foundation FreeBSD Foundation Welcomes New Board Member: Dave Cottlehuber | FreeBSD Foundation Represent FreeBSD in Your Community | FreeBSD Foundation EuroBSDCon 2026 Travel Grant Application Now Open | FreeBSD Foundation FreeBSD Graphics Port Upgraded to Linux 6.12 | FreeBSD Foundation FreeBSD AI-assisted Vulnerability Discovery Project launch | FreeBSD Foundation Recap of the April 2026 Frankfurt Area FreeBSD Hackathon – Sven Ruediger | FreeBSD Foundation Cleaning Up Critical Infrastructure in FreeBSD | FreeBSD Foundation AsiaBSDCon 2026 Trip Report – Saikeo | FreeBSD Foundation AsiaBSDCon 2026 Trip Report – Minsoo Choo | FreeBSD Foundation Call for testing: introducing the Laptop Integration Testing project | FreeBSD Foundation Build a NAS using FreeBSD on a Raspberry Pi | FreeBSD Foundation Getting ready for the Cyber Resilience Act | FreeBSD Foundation FreeBSD Foundation Q4 2025 Status Update | FreeBSD Foundation The Q4 2025 Issue of the FreeBSD Journal is Now Available! | FreeBSD Foundation Powering the Future of FreeBSD | FreeBSD Foundation 2025: Software Development and Infrastructure Support. | FreeBSD Foundation FreeBSD Closes the Laptop Gap: Year One Project Update | FreeBSD Foundation 2025: A Year of Advocacy, Community, and Growth | FreeBSD Foundation
Infrastructure Modernization – commissioned by the Sovereign Tech Agency | FreeBSD Foundation
Florine Kamdem · 2025-12-20 · via FreeBSD Foundation
December 19, 2025

In 2024 The Sovereign Tech Agency commissioned an ambitious body of work to strengthen and modernize the infrastructure that FreeBSD contributors depend on. 

The program of work totaling €686,400 was managed by the FreeBSD Foundation and has run from August 2024 to December 2025. 

The main goals of the program were to accelerate planned work to deliver zero trust builds, SBOM and security tooling, and improve developer experience.

As the project nears completion, some of the key work delivered is:

Zero Trust Builds

FreeBSD now builds reproducibly and without root privilege.  

The FreeBSD Foundation has completed work enabling FreeBSD builds without requiring root privileges. All release artifacts (ISO images, USB memstick images, VM images, and cloud disk images) can now be created without elevated access, reducing security risks from device file creation, ownership changes, and filesystem mounting during builds.

Alongside no-root support, FreeBSD introduced reproducible builds ensuring identical sources produce identical binaries. This involved normalizing timestamps, stabilizing file ordering, and creating consistent build environments. These improvements strengthen supply chain integrity, enable unprivileged container-based CI systems, and allow contributors to build complete releases locally, making FreeBSD management faster, more secure, and transparent.

CI/CD Automation

A package of changes to CI tooling will improve the development workflow by enabling developers to test code changes before merging and extending automated testing to the Ports tree. This will make debugging easier by providing better test metadata, automated code analysis, and notifications to code owners when issues arise.

Tooling will soon* be available which:

  • Extends CI to the Ports tree
  • Gives developers the ability to run CI (locally or in the cloud) on their proposed source code changes before they are merged into main. 
  • Collects test environment metadata to help with reproducing bugs.
  • Supports running CI in 3rd party services.
  • Provides automated code analysis as part of CI.
  • Notifies code owners when a test fails and provides details about related code changes.

Also, part of the project:

  • Automated updates to keep CI tooling up-to-date.
  • A CI threat model to support future security planning.

* This work has been sitting behind 15.0 release and will take a little longer to deliver.

Reduce Technical Debt

The Foundation worked with the Source Manager team to specify and create an analytics dashboard to gather insights from across the different tools containing information about bugs and technical debt. This was combined with a focus in the community on “bugbusting” sessions, some Bugzilla upgrades, and related new tooling to apply patches automatically. The changes have meant that there has been a sustained improvement in bug management. Over the last year the rate of closing bugs has been higher than the rate of bugs being raised.

Security Controls

Changes have been made to support FreeBSD’s adoption of the emerging OSV (Open Source Vulnerability) format for its vulnerability data.  This standardization makes it easier for downstream users to access and process security information using existing ecosystem tools, while also simplifying imports of vulnerability data from FreeBSD’s third-party components.

An OSV database for FreeBSD has been created, and OSV parsing capability has been added to pkg. Conversion tools are also available to transform existing VuXML data to OSV, with CI to automatically validate the output. pkg audit can also now handle OSV data. 

FreeBSD was also added to the upstream OSV schema to allow 3rd-party tooling to be updated to correctly handle FreeBSD OSV data.

SBOM Improvements

Foundational tooling to generate SBOMs for FreeBSD has been created by consolidating scattered provenance data into unified reports. The Ports tree implementation is mature and ready for review, while Base system SBOM generation remains in technical preview due to its complex build system. A follow-on project in early 2026 will build on this groundwork to deliver production-ready SBOM capabilities across the entire FreeBSD stack.