Valid Sender ? - Re: cvs commit: ports/security/openssl Makefile

Simon Barner barner at FreeBSD.org
Tue Oct 4 14:01:24 PDT 2005


[removed cvs-all from Cc:]

Dirk Meyer wrote:
> Kris Kennaway wrote:
> 
> > > As you might see in the cvs Revision 1.100 is tagged with RELEASE_6_0_0
> > > The update of openssl 0.9.8 was committed after this.
> > 
> > And when you commit a fix to some other port and then it has a
> > security vulnerability, I can't slip the tag without worrying whether
> > you've broken the package on 6.0 with the previous version of openssl.
> 
> Yes you can slip the tag on any port that depends on openssl.
> 
> That's why we have bsd.openssl.mk.
> 
> Unless you move the tag there and in openssl itself,
> all ports will still build with the old openssl 0.9.7g

Hmm, I think Kris meant it like this:

When one upgrades a port P (e.g. openssl) that requires a lot of compatibility
patches in other ports (API or ABI changes, ...), and _then_ one of the
other ports (let's call it S) gets a security fix, then you cannot simply
slip the tag on that port. This is because S also contained the
compatibility patches, but the tag of port P still points at the old version.

Now, one needs to slip the tag of port P (and also of ports that depend on
it, and maybe that of ports that depend on ports that depend ... you get
the idea).

AFAICS there's no way to merge back the security patch only because our
ports tree is not branched, and it's commonly agreed upon that it will
never be due to lack of resources.
-- 
Best regards / Viele Grüße,                             barner at FreeBSD.org
 Simon Barner                                                barner at gmx.de