Date: Tue, 26 Oct 2004 16:53:10 -0400 From: Charles Swiger <cswiger@mac.com> To: "Aaron P. Martinez" <ml@proficuous.com>, Spiral Eyed Girl <spiraleyedgirl@hotmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: interim port versions Message-ID: <0B7E828C-2791-11D9-A6B1-003065ABFD92@mac.com> In-Reply-To: <BAY12-F20i6bdVJWrGW0002bcfd@hotmail.com> References: <BAY12-F20i6bdVJWrGW0002bcfd@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Oct 26, 2004, at 3:52 PM, Spiral Eyed Girl wrote: > Quick question: Whats a port freeze? Normally, the port committers make changes to the ports tree all of the time, on a continuing basis. A ports freeze occurs to help get the ports tree caught up and avoid making sweeping changes just before a new version of the OS is released. See: http://www.freebsd.org/releng/index.html During a ports freeze, changes need to be approved by portmgr. ------ On Oct 21, 2004, at 7:48 PM, Aaron P. Martinez wrote: > I'm new to the bsd's, came from linux and i'm having a bit of > difficulty > figuring out the general philosophy. OK. (Welcome!) > One of the major reasons that i decided to try out the 'bsds' is > because of the security. I'm having a hard time however figuring out > how security issues in the ports get dealt with when there is a port > freeze, like now. The best example i can think of is gaim...(i almost > didn't recheck the port on the 4.10 tree, it's now mysteriously up to > date, phew.) As I mentioned above, the ports tree still changes during a freeze. Security fixes to ports are very likely to get quick approval by portmgr. > ......slightly altered next paragraph.... > lets say i found out there is a msn slp buffer overflow (like > currently) > and i wanted to protect myself....so i cvsuped my ports tree and then > wanted to portupgrade....... problem is...since it's a port freeze...up > until a few days ago it's still at 0.82 not the 1.02 that is out now, > I > watched it and never saw version 1.00 or 1.01. Are the ports frozen > _except_for_security_fixes or am i missing something. I was going to say, "the latter", but maybe it's a little of both. :-) Note that you are free to update ports manually. Try looking for a PR containing the changes to update the port(s) you care about, or perhaps by doing the work yourself. > I looked around on the lists for this but didn't see it and it seems > like a fairly big deal if security issues arise during a freeze. This issue was recently discussed here: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=146244+0+/usr/local/www/ db/text/2004/freebsd-current/20041017.freebsd-current http://docs.freebsd.org/cgi/getmsg.cgi?fetch=149246+0+archive/2004/ freebsd-current/20041017.freebsd-current -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0B7E828C-2791-11D9-A6B1-003065ABFD92>