ports security branch
rihad at mail.ru
Wed Dec 21 10:46:38 PST 2005
>>> Imagine: Foo 1.2.3 that
>>> was current at the time of FreeBSD 6.0 release gets a severe vuln after
>>> some time. Some admins upgrade to the latest and greatest Foo 1.2.9,
>>> others to Foo 1.2.7 (probably with not recently updated ports tree)...
> If 1.2.7 is secure, there is no problem. If 1.2.7 is not, portaudit will not
> let you upgrade. It seems to me, you need to familiarize yourself first with
> the mechanisms in place already, before shooting it.
Scrolling a couple of pages backwards, you suddenly realize that it was
I who first mentioned the role of portaudit in maintaining the security
info in this "thread". Never mind.
There _might_ be a problem if one always upgrades to a newer release,
this way or another, right on the production machine. The whole point of
security updates is making users' lives easier. You upgrade, you want
the software-OS bundle to behave, feel and touch _exactly_ the same way
it did before. Once again, FreeBSD already _does_ that to the base system.