From owner-cvs-all  Wed Jan 23 17:33: 0 2002
Delivered-To: cvs-all@freebsd.org
Received: from mail.hiwaay.net (fly.HiWAAY.net [208.147.154.56])
	by hub.freebsd.org (Postfix) with ESMTP
	id A96D737B402; Wed, 23 Jan 2002 17:32:46 -0800 (PST)
Received: from bsd.havk.org (user-24-214-88-13.knology.net [24.214.88.13])
	by mail.hiwaay.net (8.12.1/8.12.1) with ESMTP id g0O1WgBZ017559;
	Wed, 23 Jan 2002 19:32:43 -0600 (CST)
Received: by bsd.havk.org (Postfix, from userid 1001)
	id E44781A786; Wed, 23 Jan 2002 19:32:40 -0600 (CST)
Date: Wed, 23 Jan 2002 19:32:40 -0600
From: Steve Price <steve@FreeBSD.org>
To: Maxim Sobolev <sobomax@FreeBSD.org>,
	Robert Watson <rwatson@FreeBSD.org>,
	"David E. O'Brien" <obrien@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Subject: Re: cvs commit: ports/net/rsync Makefile ports/net/rsync/files patch-251-secfix
Message-ID: <20020123193240.M72686@bsd.havk.org>
References: <Pine.NEB.3.96L.1020123190443.49432B-100000@fledge.watson.org> <1011831273.264.49.camel@notebook> <20020123195726.T18609@squall.waterspout.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020123195726.T18609@squall.waterspout.com>; from will@csociety.org on Wed, Jan 23, 2002 at 07:57:26PM -0500
X-Operating-System: FreeBSD 4.5-PRERELEASE i386
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Wed, Jan 23, 2002 at 07:57:26PM -0500, Will Andrews wrote:

>> I think our package-meisters will apply the black magick necessary to
>> include that fix into 4.5. Nevertheless, security advisory is a must
>> because rsync is a very popular beast.
> 
> This change basically requires a full rebuild of the packages,
> since including the fix requires a modification to INDEX.  I'd
> rather let the security hole slide than push the release date
> any further.

Actually if I catch things before the first phase is complete I
have a little lattitude in making changes.  Yes it requires some
elbow grease but in this case not having an rsync or having one
with a known security hole just wasn't going to cut it.  rsync is
way too popular a package to have a release go out without it if
we can help it.

I've slid the tag and chanted the magic words and the release
will go out with the recently patched rsync.

In an attempt to stave off your next reply, yes I probably should
have discussed this with the rest of portmgr first.  However the
phase one build was almost complete so I made a quick judgement
call with my portmgr, re, and package building hats on.  If you'd
like to discuss it further, please let's take this discussion to
portmgr@ where it belongs.

-steve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message