Date: Wed, 23 Jan 2002 19:32:40 -0600 From: Steve Price <steve@FreeBSD.org> To: Maxim Sobolev <sobomax@FreeBSD.org>, Robert Watson <rwatson@FreeBSD.org>, "David E. O'Brien" <obrien@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: cvs commit: ports/net/rsync Makefile ports/net/rsync/files patch-251-secfix Message-ID: <20020123193240.M72686@bsd.havk.org> In-Reply-To: <20020123195726.T18609@squall.waterspout.com>; from will@csociety.org on Wed, Jan 23, 2002 at 07:57:26PM -0500 References: <Pine.NEB.3.96L.1020123190443.49432B-100000@fledge.watson.org> <1011831273.264.49.camel@notebook> <20020123195726.T18609@squall.waterspout.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 23, 2002 at 07:57:26PM -0500, Will Andrews wrote: >> I think our package-meisters will apply the black magick necessary to >> include that fix into 4.5. Nevertheless, security advisory is a must >> because rsync is a very popular beast. > > This change basically requires a full rebuild of the packages, > since including the fix requires a modification to INDEX. I'd > rather let the security hole slide than push the release date > any further. Actually if I catch things before the first phase is complete I have a little lattitude in making changes. Yes it requires some elbow grease but in this case not having an rsync or having one with a known security hole just wasn't going to cut it. rsync is way too popular a package to have a release go out without it if we can help it. I've slid the tag and chanted the magic words and the release will go out with the recently patched rsync. In an attempt to stave off your next reply, yes I probably should have discussed this with the rest of portmgr first. However the phase one build was almost complete so I made a quick judgement call with my portmgr, re, and package building hats on. If you'd like to discuss it further, please let's take this discussion to portmgr@ where it belongs. -steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020123193240.M72686>