From owner-freebsd-questions@FreeBSD.ORG Sun Jun 15 21:03:31 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D32D279F; Sun, 15 Jun 2014 21:03:31 +0000 (UTC) Received: from mail-vc0-x231.google.com (mail-vc0-x231.google.com [IPv6:2607:f8b0:400c:c03::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 31D562215; Sun, 15 Jun 2014 21:03:31 +0000 (UTC) Received: by mail-vc0-f177.google.com with SMTP id ij19so4071705vcb.8 for ; Sun, 15 Jun 2014 14:03:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=zJ29TV148urugcqaP5ai65lAq0DcgAdQFd4M7nkQRYY=; b=TfEF5sbPZzSazVG5fQt5OCIs4//kBgc6Sd0qL0vQQo9BaY7BXl9/ZUzLiU/hTNlIzw ulrDdLSwh+niGfQ6mz1dVvq1723wt+6aQvhpfHcOpTAnwKU/GerApvlOi9lmVLOiwNdX i/EnVuc5j87JJ1Ym/HZ4NtlKhL3lJYfAY0piY7mKd998qcdVQpEBFErZLblxMxDx6Xgf gmia07skfbFTQbK08QucEWUrKLZ1xJC98d9YAveG2hW+L51g+qr6x7e8uvuO7Rp97fEb OKE1UUkLcW2s7vjExxvCXxizXi00OnawmevMfEQZ5rpbkW/edkmLZO7GGwPw2sP1kSXg DHEg== MIME-Version: 1.0 X-Received: by 10.220.165.6 with SMTP id g6mr12727268vcy.17.1402866210275; Sun, 15 Jun 2014 14:03:30 -0700 (PDT) Sender: christopher.maness@gmail.com Received: by 10.58.191.35 with HTTP; Sun, 15 Jun 2014 14:03:30 -0700 (PDT) In-Reply-To: <539DCF00.2030601@FreeBSD.org> References: <20140615022626.7111be2c.freebsd@edvax.de> <20140615100636.GB23568@slackbox.erewhon.home> <539DCF00.2030601@FreeBSD.org> Date: Sun, 15 Jun 2014 14:03:30 -0700 X-Google-Sender-Auth: BElziXLUT3Cil1l-yiIg6CK7nIw Message-ID: Subject: Re: Port Changes FAQ From: Chris Maness To: Matthew Seaman , "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jun 2014 21:03:31 -0000 Thanks, Matt for illuminating this process. Chris On Sun, Jun 15, 2014 at 9:51 AM, Matthew Seaman wrote: > On 15/06/2014 14:38, Chris Maness wrote: >> Thanks, guys. I like the new pkg (8) command. Will they be >> recompiling ports whenever they have been patched against >> vulnerabilities? > > The official pkg sets get updated on a weekly basis -- a snap shot of > the ports tree is taken on a Wednesday, and packages are built from > that, which generally takes a few days, so new packages are usually > available on Saturday. > > The worst case scenario is that a vulnerability is announced on a > Wednesday after the weekly build has begun, so the fixed package > wouldn't then appear in the repos until about 10 days later. > > For a really serious vulnerability with exploits in the wild, I'm sure > the usual package building schedule would be modified. It's also the > case that portmgr (who are in charge of building the packages) work > closely with secteam and ports-secteam so can get advanced warning > before vulnerabilities are published. Meaning they could have fixed > packages ready when the announcement is made. But that depends on many > outside factors, so cannot be relied upon. > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. > PGP: http://www.infracaninophile.co.uk/pgpkey > >