Date: Thu, 13 Dec 2012 10:56:37 -0600
From: Bryan Drewery <bdrewery@freebsd.org>
To: Matthias Andree <mandree@freebsd.org>
Cc: freebsd-ports@freebsd.org
Subject: Re: [RFC/HEADSUP] portmaster default -w (preserve shared libraries)
Message-ID: <50CA08C5.7060901@FreeBSD.org>
In-Reply-To: <50C838EC.4000907@FreeBSD.org>
References: <50C7576C.5040100@FreeBSD.org> <CA%2B7WWScXnLqW=5kuG9_1Tj6aYptUJeUQY-64zzvTtEGVcVK9Cg@mail.gmail.com> <CADLFtte=_oGVySzkUP%2BqSMHa=qU4k2uMZMA01ESgfYnEkunKdg@mail.gmail.com> <50C762C4.9080302@FreeBSD.org> <CADLo838vaR2bXme4bFC=toFagL0--2F0vjCi61Fr_RYMixkRsw@mail.gmail.com> <CADLFtte9kaBKUaxZvWzrJ4Bxoh_kAd=1CcQ3t2qUkE=TjyYEhQ@mail.gmail.com> <50C838EC.4000907@FreeBSD.org>

On 12/12/2012 1:57 AM, Matthias Andree wrote:
> On 11.12.2012 20:34, Jeremy Messenger wrote:
>
>> If you can't update all ports then please wait until you can. I never
>> have any problem updating all ports at a time by running it overnight.
>> Or even better, use packages if you can't afford the ports
>> system.
>
> This is ridiculous. We know that there have been extended (months!)
> periods where we were stuck because all useful versions of some
> important library had security vulnerabilities. The last pain I
> recollect was libxul. Old version vulnerable, no new version, and then
> when the new version was around, some dependencies did not work with
> libxul-10*. This would in effect have meant "no update for months".
>
>
> Bryan, practically, I propose that portmaster should
>
> - list stored libraries on each and every run, and ask that the user
> updates those ports that use the old, saved, libraries, pointing to
> bsdadminutils and pkg_libchk.
>
> - we may need to save more than just the .so files, namely, the origin
> and portname of a saved library so that portmaster can run portaudit
> against those names to complain about security issues in saved libraries.
>

Good points and ideas. I will keep those in mind.

--
Regards,
Bryan Drewery
bdrewery@freenode/EFNet
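
A sketch of the second proposal quoted above (recording the origin and package name of each saved library so it can be checked for known security issues), added here as an example; it is not portmaster or portaudit code and not part of the original message. The manifest format, the advisory list format, the function names and every sample entry are constructed assumptions, and versions are assumed to be plain dotted numbers.

```shell
#!/bin/sh
# Added illustration, not portmaster or portaudit code. File formats are hypothetical.

# Constructed manifest: saved library path|port origin|package it came from.
sample_manifest() {
    cat <<'EOF'
/usr/local/lib/compat/pkg/libexample.so.1|devel/libexample|libexample-1.2.0
/usr/local/lib/compat/pkg/libdemo.so.4|graphics/libdemo|libdemo-4.0.1
EOF
}

# Constructed advisory list: package name|first fixed version|reference.
sample_advisories() {
    cat <<'EOF'
libexample|1.2.3|ADVISORY-PLACEHOLDER-1
libdemo|4.0.1|ADVISORY-PLACEHOLDER-2
EOF
}

# audit_saved_libs MANIFEST ADVISORIES
# Prints "path|origin|package|reference" for each preserved library whose
# recorded version is older than the fixed version; returns 1 if any matched.
audit_saved_libs() {
    awk -F'|' '
        function vercmp(a, b,    x, y, n, m, i) {   # dotted numeric versions only
            n = split(a, x, "."); m = split(b, y, ".")
            for (i = 1; i <= n || i <= m; i++) {
                if (x[i] + 0 < y[i] + 0) return -1
                if (x[i] + 0 > y[i] + 0) return 1
            }
            return 0
        }
        FILENAME == ARGV[1] { fixed[$1] = $2; ref[$1] = $3; next }
        {
            n = split($3, p, "-"); ver = p[n]            # version follows the last "-"
            name = substr($3, 1, length($3) - length(ver) - 1)
            if ((name in fixed) && vercmp(ver, fixed[name]) < 0) {
                print $1 "|" $2 "|" $3 "|" ref[name]
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$2" "$1"
}

# Demo on the constructed data above.
tmp=$(mktemp -d)
sample_manifest > "$tmp/saved.manifest"
sample_advisories > "$tmp/advisories"
audit_saved_libs "$tmp/saved.manifest" "$tmp/advisories" ||
    echo "preserved libraries with known issues found; rebuild their consumers"
rm -rf "$tmp"
```

The point of the sidecar manifest is that a preserved `.so` no longer belongs to any installed package, so a package-level audit would not see it unless its origin and version are recorded when it is saved.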