Date: Wed, 21 Dec 2005 22:46:09 +0400 From: rihad <rihad@mail.ru> To: freebsd.stable@melvyn.homeunix.org Cc: freebsd-stable@freebsd.org Subject: Re: ports security branch Message-ID: <43A9A2F1.6080603@mail.ru>
next in thread | raw e-mail | index | archive | help
>>Imagine: Foo 1.2.3 that >>> was current at the time of FreeBSD 6.0 release gets a severe vuln after >>> some time. Some admins upgrade to the latest and greatest Foo 1.2.9, >>> others to Foo 1.2.7 (probably with not recently updated ports tree)... > > > If 1.2.7 is secure, there is no problem. If 1.2.7 is not, portaudit will not > let you upgrade. It seems to me, you need to farmiliarize yourself first with > the mechanisms in place already, before shooting it. Scrolling a couple of pages backwards, you suddenly realize that it was I who first mentioned the role of portaudit in maintaining the security info in this "thread". Nevermind. There _might_ be a problem if one always upgrades to a newer release, this way or another, right on the production machine. The whole point of security updates is making users' lives easier. You upgrade, you want the software-OS bundle to behave, feel and touch _exactly_ the same way it did before. Once again, FreeBSD already _does_ that to the base system.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43A9A2F1.6080603>