updated packages for security issues on FTP server?

Simon L. Nielsen simon at FreeBSD.org
Thu Mar 23 12:14:00 UTC 2006


On 2006.03.22 13:17:59 -0800, Jeremy C. Reed wrote:
> What is the policy or procedure for FreeBSD ports team (or maintainers) to 
> provide updated packages (prebuilt .tbz) for security issues for the FTP 
> servers?

Basically there currently is none.  When security issues are found the
ports are updated and the issue is documented in the VuXML document
(which is used e.g. by portaudit).  That is at least how it should
work, there is usually some delay simply due to the amount of manpower
available to deal with these issues and the huge amount of new issues
(since we have ~14000 ports...).

We don't currently deal with the prebuilt packages at all, except to
try to make sure there are no serious security issues in the packages
bundled with a release, when it's released.

> I have seen past security advisories for "ports" that have pointed to 
> prebuilt packages on the FTP server.

It is quite some time ago that the Security Team stopped issuing
security advisories for ports.

> But looking today at 
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/ I don't 
> see any new packages within a month (although ports tree has been updated 
> for security issues).
> 
> Where would packages for security fixes be uploaded to?

As Kris said, those packages are rebuilt when possible.  Nothing
special is done wrt. security issues.

-- 
Simon L. Nielsen
FreeBSD Security Team


More information about the freebsd-ports mailing list