www/dotproject out of date and vulnerable

Fred Cox sailorfred at yahoo.com
Tue Sep 19 15:18:19 PDT 2006

It's current state is that it will install a
vulnerable version with either the installed php and
mysql client or php5 and mysql5.  In the latter case,
there are many bugs in the installed port.

If I submit what I have now, it will install the
updated version with PHP4.  The user will still have
to track down the mysql problem until I can do the
right thing, but there will be a period of time while
I learn about making a port from scratch.

I'm trying to get a read on whether imperfect
improvement is worth checking in, or whether the
typical thing is to wait for perfection, even if that
might take a while.



--- Kris Kennaway <kris at obsecurity.org> wrote:

> On Tue, Sep 19, 2006 at 02:42:37PM -0700, Fred Cox
> wrote:
> > Would you recommend doing the partial job of
> updating
> > the port for the vulnerability and requiring PHP4
> > while I work on the ultimate solution?
> It will result in a broken port unless you can
> address the mysql
> thing - there's no way around it.
> Kris

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the freebsd-ports mailing list