Security Patches for Port Applications in Releases
LI Xin
delphij at delphij.net
Tue Jan 16 05:41:40 UTC 2007
Stevan Tiefert wrote:
> Hello list,
>
> I installed the new release 6.2 on my workstation. I installed also
> portaudit
> and run it immediatly afterwards. What have I to see? 5 vulnerable
> packages
> in my release.
>
> My questions:
> - Why can I update FreeBSD with security-patches and the
> Release-Packages have
> no security-patches?
> - What are then the advantages of release-packages/ports to
> current-ports if I
> can not update release-packages with security-patches?
> - Is an security-patch-update-system for release-packages/ports planned?
Due to manpower limitation, I think there is no plan to have so-called
"security patches for release packages" at this moment. Administrators
may use portupgrade's -rRPP option and pass the vulnerable package names
to its command line, to install the latest -stable packages, which is
usually updated frequently.
Cheers,
--
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-chat/attachments/20070116/0765e579/signature.pgp
More information about the freebsd-chat
mailing list