Date: Fri, 22 Oct 2004 09:57:08 -0700
From: Kris Kennaway
To: Randall Foster
Cc: freebsd-questions@FreeBSD.org
Subject: Re: interim port versions
Message-ID: <20041022165708.GC82397@xor.obsecurity.org>

On Fri, Oct 22, 2004 at 06:50:13AM -0700, Randall Foster wrote:
> I'm new to the BSDs, came from Linux and I'm having a bit of difficulty
> figuring out the general philosophy.
>
> One of the major reasons that I decided to try out the 'BSDs' is
> because of the security. I'm having a hard time, however, figuring out
> how security issues in the ports get dealt with when there is a port
> freeze, like now. The best example I can think of is gaim... (I almost
> didn't recheck the port on the 4.10 tree, it's now mysteriously up to
> date, phew.)
>
> ......slightly altered next paragraph....
> Let's say I found out there is an MSN SLP buffer overflow (like currently)
> and I wanted to protect myself.... so I cvsuped my ports tree and then
> wanted to portupgrade....... problem is... since it's a port freeze... up
> until a few days ago it's still at 0.82 not the 1.02 that is out now, I
> watched it and never saw version 1.00 or 1.01. Are the ports frozen
> _except_for_security_fixes or am I missing something?
>
> I looked around on the lists for this but didn't see it and it seems
> like a fairly big deal if security issues arise during a freeze.

Easy... if a security fix is submitted to portmgr during a freeze, it's
almost always going to be approved.

Kris