Postgresql 8.2 branch - keep it in tree

Radim Kolar hsn at
Mon Mar 26 07:26:45 UTC 2012

 > I'm afraid it's not only end of life by upstream, but also vulnerable 
in more than one CVE, and will not be fixed.
CVE Yes, but if you need particular DB version for your app, user will 
install it anyway. For security related point of view it does not matter 
if he installs it from ports or not.

> Can you give more detail on exactly what you are trying to do?
According to app supplier it does not work in newer pgsql because:
1. Tsearch2 module changed
2. system catalogue changed
3. string escaping is slightly different

There are no plans to update application to newer pgsql at this moment. 
Similar problem will be with postgresql 8.3. It is only known version 
which works with hyperic hq, hibernate complains on other version - 
"cant store XXXX class".

2) Booting tomcat 5.5 from tree is the same problem. It will be still in 
use for years, supported upstream or not. Most java apps today are still 
for tomcat 5.5

People dont care about CVE, they care about applications. Mark these 
ports as vulnerable, but keep them in port tree.

More information about the freebsd-ports mailing list