Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 15 Jun 2014 17:51:12 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Port Changes FAQ
Message-ID:  <539DCF00.2030601@FreeBSD.org>
In-Reply-To: <CANnsUMFNoueDmhhCOi%2BMwj39-L5oLCgqfBdD=HEm05s2xE9yJQ@mail.gmail.com>
References:  <CANnsUMGxkDTxVnD_dq5L2SfXtppbYzJsB08kYm1h0zpFkkYMGQ@mail.gmail.com> <20140615022626.7111be2c.freebsd@edvax.de> <20140615100636.GB23568@slackbox.erewhon.home> <CANnsUMFNoueDmhhCOi%2BMwj39-L5oLCgqfBdD=HEm05s2xE9yJQ@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 15/06/2014 14:38, Chris Maness wrote:
> Thanks, guys.  I like the new pkg (8) command.  Will they be
> recompiling ports whenever they have been patched against
> vulnerabilities?

The official pkg sets get updated on a weekly basis -- a snap shot of
the ports tree is taken on a Wednesday, and packages are built from
that, which generally takes a few days, so new packages are usually
available on Saturday.

The worst case scenario is that a vulnerability is announced on a
Wednesday after the weekly build has begun, so the fixed package
wouldn't then appear in the repos until about 10 days later.

For a really serious vulnerability with exploits in the wild, I'm sure
the usual package building schedule would be modified.  It's also the
case that portmgr (who are in charge of building the packages) work
closely with secteam and ports-secteam so can get advanced warning
before vulnerabilities are published.  Meaning they could have fixed
packages ready when the announcement is made.  But that depends on many
outside factors, so cannot be relied upon.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey



--MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJ8BAEBCgBmBQJTnc8AXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATjbIQAJRKJk10P/pJDrqZB7eqfyOs
9MZZ0XBB/kRCQlG+hz9krlfb9k97XdcpTFIpXXjE5kGWxi+zsgLJA0tHI6wGLTPF
P+gkUgXiInCo0ax3hS+AxNLoQlNeF1AuNTi2OUCylZeoKxm5gu7zx0hNAGnaJ/Uy
XMsRXuscbF8pi9VuiSiJ26jhkbxh3BLZJ8IT878gnEnx09YKz2jgD2LjeK5Q6wKV
e1WDzVKNuUV0ocT/liZPVK1U34xFtwYUx9kiubjvJb7ELryhUR17lB7pImYHdUC1
VaWRJM2al466Sw9N+GN9/uMtE936K2Kfuau202Tl7lZEfU7SVufRYxAJNrxV2EHj
UMqVsnwAr/DgyRv1Y7iVuLLxysz9SYqdi9ZAo/NKOahJXRJIWs349RN/AonAXrev
0BPyxdvka3gy9hp8ovvbtHYh4fz07VsNPo9Qi4q6j9AiONY2mseT6umzPOvbudsK
6xh0z6POb4SR8+dUqtRVP1s4O/iS24da5DimHDnF3OvhdbE/KG/tNT+ZL4WiCVtf
UyWK58mmSmL12/gWzKYv0YZpATbHXEfSVKnVD5h7leifOljr7fP8hVsahE2PcBbK
JF0eEspqW9yWNZfaYoVi8F3gqpZbD0MkbRijHSKOnwDyz91n2juAwyC/HnyqM5SK
HfzaiTyMfAB+ISxHNDrW
=wLG/
-----END PGP SIGNATURE-----

--MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?539DCF00.2030601>