From: rainer@ultra-secure.de
To: freebsd-pkg@freebsd.org
Date: Wed, 13 Jul 2016 11:22:29 +0200
Subject: downgrading packages

Hi,

I just had to do a downgrade from 2016Q3 to 2015Q2 because a customer realized his script to send mails with attachments relied on some PHP security-fix not being applied that came in more than a year ago.

I "locked" pkg in place, did a "pkg update -f && pkg upgrade -f" and rebooted.

It actually worked, but I'm always wondering if that is really such a good idea.

I build my own packages from the quarterly cuts of the ports-tree and fix the defaults of apache, php et al. to certain versions and generally try to stick to them for the whole of the major release-cycle (and I always built for the oldest supported release of that version), so there's little chance of having to do a major version downgrade on the application-side.