pkg falls behind port version - how do ports become pkg's?
Karl Pielorz
kpielorz_lst at tdx.co.uk
Mon Nov 12 22:06:30 UTC 2018
--On 12 November 2018 at 16:20:52 +0000 Matthew Seaman
<matthew at FreeBSD.org> wrote:
Hi - thanks for your reply, and detailed info on ports / pkg behind the
scenes!
> If it's 'quarterly' (which is the default) then you'll not get an update
> until the beginning of the next quarter -- which would be the start of
> January 2019. The exception to this is when there's a security fix for
> the package in question, which should appear within a day or so.
Ok - all the systems here are on quarterly. I've just switched one to
'latest' - and, indeed - mysql56-server pkg installed is 5.6.42 - which
appears to address the 30+ CVEs that 5.6.41 has tagged against it.
> Nope. Official packages are built on the official package building
> cluster.
I'd guess that's the mythical Poudriere? ;)
> They certainly aren't built by random port maintainers who may
> be of particularly uncertain provenance and are not absolutely guaranteed
> to have your best interests at heart.[*]
From what I can see mysql56-server in quarterly really does need updating
to fix the CVEs - so who am I best emailing to ask if
mysql56-server/client could be updated on security grounds?
Thanks again,
-Karl