惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Palo Alto Networks Blog
Martin Fowler
Martin Fowler
T
Threatpost
D
Docker
S
Schneier on Security
M
MIT News - Artificial intelligence
G
Google Developers Blog
L
LINUX DO - 热门话题
J
Java Code Geeks
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
IT之家
IT之家
博客园 - Franky
C
Cyber Attacks, Cyber Crime and Cyber Security
K
Kaspersky official blog
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
V
Vulnerabilities – Threatpost
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
人人都是产品经理
人人都是产品经理
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
爱范儿
爱范儿
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
C
CERT Recently Published Vulnerability Notes
The GitHub Blog
The GitHub Blog
Simon Willison's Weblog
Simon Willison's Weblog
NISL@THU
NISL@THU
MongoDB | Blog
MongoDB | Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
H
Heimdal Security Blog
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
P
Privacy International News Feed
P
Proofpoint News Feed
O
OpenAI News
B
Blog
腾讯CDC
F
Full Disclosure
Apple Machine Learning Research
Apple Machine Learning Research
T
Tor Project blog
H
Hacker News: Front Page
Project Zero
Project Zero
Hugging Face - Blog
Hugging Face - Blog
C
Cisco Blogs
S
Security Affairs

FreeBSD Foundation

Understanding the Foundation Board’s Role in the FreeBSD Ecosystem | FreeBSD Foundation FreeBSD Foundation Welcomes New Board Member: Dave Cottlehuber | FreeBSD Foundation Represent FreeBSD in Your Community | FreeBSD Foundation EuroBSDCon 2026 Travel Grant Application Now Open | FreeBSD Foundation FreeBSD Graphics Port Upgraded to Linux 6.12 | FreeBSD Foundation FreeBSD AI-assisted Vulnerability Discovery Project launch | FreeBSD Foundation Recap of the April 2026 Frankfurt Area FreeBSD Hackathon – Sven Ruediger | FreeBSD Foundation AsiaBSDCon 2026 Trip Report – Saikeo | FreeBSD Foundation AsiaBSDCon 2026 Trip Report – Minsoo Choo | FreeBSD Foundation Call for testing: introducing the Laptop Integration Testing project | FreeBSD Foundation Build a NAS using FreeBSD on a Raspberry Pi | FreeBSD Foundation Getting ready for the Cyber Resilience Act | FreeBSD Foundation FreeBSD Foundation Q4 2025 Status Update | FreeBSD Foundation The Q4 2025 Issue of the FreeBSD Journal is Now Available! | FreeBSD Foundation Powering the Future of FreeBSD | FreeBSD Foundation 2025: Software Development and Infrastructure Support. | FreeBSD Foundation Infrastructure Modernization – commissioned by the Sovereign Tech Agency | FreeBSD Foundation FreeBSD Closes the Laptop Gap: Year One Project Update | FreeBSD Foundation 2025: A Year of Advocacy, Community, and Growth | FreeBSD Foundation
Cleaning Up Critical Infrastructure in FreeBSD | FreeBSD Foundation
Anne Dickison · 2026-04-20 · via FreeBSD Foundation
April 20, 2026

Open source infrastructure depends on more than new features. It also depends on the steady, often unseen work of identifying risks, improving processes, and making systems easier to maintain over time.

That is exactly what the Beach Cleaning Project set out to do for FreeBSD. BSD beastie cleaning up the beach

This project focused on improving the security resilience of the FreeBSD base system by giving the Project better visibility into the third-party software it ships, better tools for evaluating and maintaining that software, and a stronger foundation for future work around software transparency, security, and sustainability.

Why this work mattered

FreeBSD’s base system includes a wide range of third-party components. Over time, keeping track of what is included, who maintains it, how exposed it is, and what action should be taken becomes more difficult. That challenge is not unique to FreeBSD. It is one shared by many mature open source projects.

The Beach Cleaning Project tackled that challenge directly.

The result was not just a review of what exists today. It produced practical tooling, machine-readable data, security assessments, and implementation plans that will continue to support FreeBSD development well beyond the life of the project.

A critical early win: OpenSSL 3.5 for FreeBSD 15.0

The project began with an urgent and high-impact task: updating OpenSSL in FreeBSD’s src repository in time for the FreeBSD 15.0 release cycle. That work ensured FreeBSD could move to OpenSSL 3.5 LTS instead of remaining on OpenSSL 3.0 LTS.

That matters because OpenSSL 3.0 reaches end of life on September 7, 2026, while OpenSSL 3.5 is supported until April 8, 2030. Since FreeBSD 15 is expected to reach end of life in December 2030, moving to OpenSSL 3.5 dramatically reduces the amount of time the FreeBSD community would need to maintain its own unsupported fork, from more than four years to roughly eight months.

Just as important, the work was completed in time for the FreeBSD 15.0 schedule and included build validation across supported architectures, legacy architecture testing, and coordination for broader testing.

Building a clearer picture of the base system

Another major outcome of the project was the creation of a machine-readable inventory of software in the FreeBSD base system.

Using new tooling developed during the project, the team built a YAML-based database that supports reporting on maintainers, components, security review, planning, and Software Bill of Materials generation. By the end of the project, that database included more than 1,000 distinct components, including 73 imported from third-party projects.

This is the kind of work that makes future maintenance easier. Instead of relying on incomplete or outdated lists, FreeBSD now has a stronger foundation for understanding what is in the base system and how those pieces relate to security, ownership, and release engineering.

Turning visibility into action

Inventory alone is not enough. The project also developed a structured way to assess security risk across third-party software in the base system.

Components were evaluated based on factors like impact on build infrastructure, operating system integrity, network exposure, authentication, and user-facing functionality. That helped identify the most critical areas for attention and guided conversations with FreeBSD’s release engineering, security response, and source management teams.

From those conversations came a practical set of priorities, including support for SBOM generation through SPDX tooling, importing pkg into the base system as FreeBSD moves further into pkgbase, and improving tooling around code ownership and maintenance.

Better tooling for a healthier project

One of the strongest outcomes of the Beach Cleaning Project is that it did not stop at analysis. It produced real tooling that can keep delivering value.

The project added support for generating CODEOWNERS-style reports, helping replace stale and incomplete maintainer information with something more useful and machine-readable. It also created tooling to generate SBOM data in SPDX 2 and SPDX 3 formats, report on dependencies, evaluate security exposure, and identify maintainers for different parts of the tree.

Additional automation was developed to track component versions and regenerate deliverables through testing workflows, making the work easier to maintain and extend over time.

Laying groundwork for what comes next

Some of the implementation work advanced significantly during the project, even if it is not yet fully complete.

That includes preparation for importing pkgconf components needed for SBOM generation and ongoing work related to importing pkg into the base system as part of the broader pkgbase transition. In both cases, the project helped move concepts into tested, reviewable work that can continue forward.

That is an important part of work like this. It is not only about producing a final report. It is also about making the next step easier for the Project and for future contributors. In that sense, the Beach Cleaning Project has already had an impact by helping FreeBSD align priorities, improve coordination, and build a stronger path for future security and maintenance work.

Why this matters beyond FreeBSD

Projects across open source are dealing with many of the same questions around security, software composition, traceability, and long-term sustainability.

What makes this work especially valuable is that it offers a practical example of how to approach those challenges: start with visibility, build better data and tooling, identify priorities, and create processes that make long-term maintenance more manageable. The deliverables from this project are part of that larger story.

Thank you to Alpha-Omega

We are thankful to Alpha-Omega for supporting this work. Funding efforts like this help make important maintenance and security work possible, even when it is not the most visible part of open source development.

This project helped lay important groundwork for FreeBSD’s future, and we are excited to see that work continue.

— Contributed By Pierre Pronchery and Anne Dickison