ports security branch
Melvyn Sopacua
freebsd.stable at melvyn.homeunix.org
Tue Dec 20 04:21:24 PST 2005
On Tuesday 20 December 2005 12:39, Marwan Burelle wrote:
> The point is not that this is always true, but that you have to handle
> those kinds of problems if you want to maintain a security branch for
> ports.
The point is, that it is irrelevant. Ports are independant of the base system.
There is no need for a security branch of the ports tree. The ports that rely
on specifics in the base system, handle it themselves via BROKEN,
FreeBSD_version and friends. The ports tree is only tagged for a specific
release, so that release cdroms can be made.
The only thing that makes sense is pre-compiled packages being updated for
security branches of the base system - but, that is only worth-while if
there's a large enough userbase that has an /etc/make.conf without NO_ flags.
Since for example I have no need for Kerberos, I cannot use the FreeBSD
provided packages for the ones that make sense, as they all link libgssapi
(subversion pulls it in through www/neon, smbclient because of ports/90238
and thus kde*).
--
Melvyn Sopacua
freebsd.stable at melvyn.homeunix.org
FreeBSD 6.0-STABLE
Qt: 3.3.5
KDE: 3.4.3
More information about the freebsd-stable
mailing list