Quarterly ports trees not getting security updates?

J David j.david.lists at gmail.com
Wed Aug 27 00:15:51 UTC 2014


When the quarterly ports trees were introduced, they were described as
including security, build, and runtime fixes for 3 months.

This is a great idea, and with 2014Q2 it seemed to work pretty well.
However, it doesn't seem like 2014Q3 is getting security fixes.

For example, the openssl port has never been updated since branch;
it's still on 1.0.1_13, which has 9 open CVEs against it.  Other
ports have similar issues (e.g. serf and subversion).

What could a non-expert such as myself do to help with this?  Is it
just a matter of trying to identify the relevant commits from the head
of the ports tree, or is there more to it?


