Opera vulnerability, marked forbidden instead of update?

ajtiM lumiwa at gmail.com
Fri Nov 23 11:38:07 UTC 2012


On Friday 23 November 2012 03:00:59 Matthew Seaman wrote:
> On 23/11/2012 08:26, Matthieu Volat wrote:
> > I've noticed that www/opera was marked FORBIDDEN because of a security
> > hole:
> > http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-h
> > ead
> > 
> > The opera software compagny advisory indeed mark this bug as high
> > severity, and mention that there is an update to fix it.
> > 
> > I am not familiar with the security process in ports, but would not it be
> > better to update the version? Marking it FORBIDDEN do not do much for
> > the userbase that does already have it installed.
> > 
> > I've bumped the versions in the Makefile
> > OPERA_VER?=     12.11
> > OPERA_BUILD?=   1661
> > and made a `make makesum reinstall`, there was no apparent problem.
> 
> Marking a port 'FORBIDDEN' is a quick response measure that can be done
> without having to worry about time consuming testing the of port and so
> forth.  It's an interim measure taken to ensure that users do not
> unwittingly install software with known vulnerabilities.
> 
> Yes, updating the port to a non-vulnerable version is the ideal
> response, but that may not be possible to do straight away.  You've
> sketched out the first couple of steps a port maintainer would take, but
> that 'there was no apparent problem' statement would need to be backed
> up by some more rigorous testing before a maintainer would feel
> confident in committing the update.
> 
> 	Cheers,
> 
> 	Matthew


I did the same and I don't have problems...

Mitja
--------
http://www.redbubble.com/people/lumiwa


More information about the freebsd-ports mailing list