interim port versions
Kris Kennaway
kris at obsecurity.org
Fri Oct 22 09:56:51 PDT 2004
On Fri, Oct 22, 2004 at 06:50:13AM -0700, Randall Foster wrote:
> I'm new to the bsd's, came from linux and i'm having a bit of difficulty
> figuring out the general philosophy.
>
> One of the major reasons that i decided to try out the 'bsds' is
> because of the security. I'm having a hard time however figuring out
> how security issues in the ports get dealt with when there is a port
> freeze, like now. The best example i can think of is gaim...(i almost
> didn't recheck the port on the 4.10 tree, it's now mysteriously up to
> date, phew.)
>
> ......slightly altered next paragraph....
> lets say i found out there is a msn slp buffer overflow (like currently)
> and i wanted to protect myself....so i cvsuped my ports tree and then
> wanted to portupgrade....... problem is...since it's a port freeze...up
> until a few days ago it's still at 0.82 not the 1.02 that is out now, I
> watched it and never saw version 1.00 or 1.01. Are the ports frozen
> _except_for_security_fixes or am i missing something.
>
>
> I looked around on the lists for this but didn't see it and it seems
> like a fairly big deal if security issues arise during a freeze.
Easy..if a security fix is submitted to portmgr during a freeze, it's
almost always going to be approved.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20041022/d7ae13a8/attachment.bin
More information about the freebsd-questions
mailing list