Postgresql 8.2 branch - keep it in tree
hsn at filez.com
Mon Mar 26 07:26:45 UTC 2012
> I'm afraid it's not only end of life by upstream, but also vulnerable
in more than one CVE, and will not be fixed.
CVE Yes, but if you need particular DB version for your app, user will
install it anyway. For security related point of view it does not matter
if he installs it from ports or not.
> Can you give more detail on exactly what you are trying to do?
According to app supplier it does not work in newer pgsql because:
1. Tsearch2 module changed
2. system catalogue changed
3. string escaping is slightly different
There are no plans to update application to newer pgsql at this moment.
Similar problem will be with postgresql 8.3. It is only known version
which works with hyperic hq, hibernate complains on other version -
"cant store XXXX class".
2) Booting tomcat 5.5 from tree is the same problem. It will be still in
use for years, supported upstream or not. Most java apps today are still
for tomcat 5.5
People dont care about CVE, they care about applications. Mark these
ports as vulnerable, but keep them in port tree.
More information about the freebsd-ports