From owner-freebsd-questions@FreeBSD.ORG Tue Oct 26 20:53:33 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7458016A4CE for ; Tue, 26 Oct 2004 20:53:33 +0000 (GMT) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3FC6D43D1D for ; Tue, 26 Oct 2004 20:53:33 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from mac.com (smtpin08-en2 [10.13.10.153]) by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id i9QKrSFK015876; Tue, 26 Oct 2004 13:53:28 -0700 (PDT) Received: from [10.1.1.245] (nfw2.codefab.com [199.103.21.225] (may be forged)) (authenticated bits=0)i9QKrDOI011546; Tue, 26 Oct 2004 13:53:17 -0700 (PDT) In-Reply-To: References: Mime-Version: 1.0 (Apple Message framework v619) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <0B7E828C-2791-11D9-A6B1-003065ABFD92@mac.com> Content-Transfer-Encoding: 7bit From: Charles Swiger Date: Tue, 26 Oct 2004 16:53:10 -0400 To: "Aaron P. Martinez" , Spiral Eyed Girl X-Mailer: Apple Mail (2.619) cc: freebsd-questions@freebsd.org Subject: Re: interim port versions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Oct 2004 20:53:33 -0000 On Oct 26, 2004, at 3:52 PM, Spiral Eyed Girl wrote: > Quick question: Whats a port freeze? Normally, the port committers make changes to the ports tree all of the time, on a continuing basis. A ports freeze occurs to help get the ports tree caught up and avoid making sweeping changes just before a new version of the OS is released. See: http://www.freebsd.org/releng/index.html During a ports freeze, changes need to be approved by portmgr. ------ On Oct 21, 2004, at 7:48 PM, Aaron P. Martinez wrote: > I'm new to the bsd's, came from linux and i'm having a bit of > difficulty > figuring out the general philosophy. OK. (Welcome!) > One of the major reasons that i decided to try out the 'bsds' is > because of the security. I'm having a hard time however figuring out > how security issues in the ports get dealt with when there is a port > freeze, like now. The best example i can think of is gaim...(i almost > didn't recheck the port on the 4.10 tree, it's now mysteriously up to > date, phew.) As I mentioned above, the ports tree still changes during a freeze. Security fixes to ports are very likely to get quick approval by portmgr. > ......slightly altered next paragraph.... > lets say i found out there is a msn slp buffer overflow (like > currently) > and i wanted to protect myself....so i cvsuped my ports tree and then > wanted to portupgrade....... problem is...since it's a port freeze...up > until a few days ago it's still at 0.82 not the 1.02 that is out now, > I > watched it and never saw version 1.00 or 1.01. Are the ports frozen > _except_for_security_fixes or am i missing something. I was going to say, "the latter", but maybe it's a little of both. :-) Note that you are free to update ports manually. Try looking for a PR containing the changes to update the port(s) you care about, or perhaps by doing the work yourself. > I looked around on the lists for this but didn't see it and it seems > like a fairly big deal if security issues arise during a freeze. This issue was recently discussed here: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=146244+0+/usr/local/www/ db/text/2004/freebsd-current/20041017.freebsd-current http://docs.freebsd.org/cgi/getmsg.cgi?fetch=149246+0+archive/2004/ freebsd-current/20041017.freebsd-current -- -Chuck