From: Adam Wight
To: Andrew McNaughton
Cc: freebsd-security@FreeBSD.ORG
Date: Wed, 13 Mar 2002 10:16:46 -0800
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
Message-ID: <20020313101646.A4570@brsys.com>
In-Reply-To: <20020313194713.A3633-100000@a2>

What about a new make target, "upgrade," that only sync'ed the ports
subtree for the port being built and its dependencies?

I don't think that ports needs a cvs branch for security fixes, but a
way to bring only a selected package up-to-date would be useful for its
speed and reduced cvsupd load after security advisories, as well as for
the decreased bandwidth on the users' boxes.

If this sounds good to people, I would be happy to implement it.

-adam wight

On Wed, Mar 13, 2002 at 07:53:32PM +1300, Andrew McNaughton wrote:
> On Tue, 12 Mar 2002, batz wrote:
> > Back to my original post, about whether cvs would be a useful way to
> > manage security specific information, so that people who just wanted to
> > fix open vulnerabilities could do so in a way that did not involve
> > sucking down most of the ports tree if they had not upgraded it in a while.
> >
> > Has anyone else done anything especially different for managing security
> > specific patches?
>
> Rather than looking at separate distribution of ports, why not look at a
> protocol for providing a list of versions of ports which are insecure.
> This could be added into the daily security check. No remedy to problems
> found, just notification. Something similar to the version checking
> available through periodic at present except that it would only cover
> security issues.
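
The notification-only check proposed in the quoted text, as an added example that is not part of the original thread or of FreeBSD's own scripts. The list format (name|first_fixed_version|reference), the port names, the function name check_vulnerable and the dotted-numeric comparison (which ignores port revision and epoch suffixes) are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare installed ports against a published list of
# insecure versions and only report matches (no remedy is attempted).

# Constructed advisory list: a port is insecure if installed < first fixed.
ADVISORIES='fooport|4.1.2|EXAMPLE-ADVISORY-1
bard|2.0.9|EXAMPLE-ADVISORY-2'

# Constructed stand-in for the installed package list (name-version per line).
INSTALLED='fooport-4.0.6
bard-2.0.10
bazlib-1.1.3'

# check_vulnerable ADVISORIES INSTALLED
# Prints one line per insecure installed port; exit status 1 if any found.
check_vulnerable() {
    printf '%s\n' "$1" "--" "$2" | awk -F'|' '
    # Numeric, component-wise compare: returns 1 when version a < b.
    # A plain string compare would wrongly rank 2.0.10 below 2.0.9.
    function older(a, b,    x, y, n, m, i) {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= n || i <= m; i++) {
            if ((x[i] + 0) < (y[i] + 0)) return 1
            if ((x[i] + 0) > (y[i] + 0)) return 0
        }
        return 0
    }
    $0 == "--" { inst = 1; next }          # separator between the two lists
    !inst { fixed[$1] = $2; ref[$1] = $3; next }
    {
        p = match($0, /-[^-]*$/)           # split name-version at last hyphen
        if (!p) next
        name = substr($0, 1, p - 1); ver = substr($0, p + 1)
        if ((name in fixed) && older(ver, fixed[name])) {
            printf "%s %s is insecure (fixed in %s, see %s)\n",
                   name, ver, fixed[name], ref[name]
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Stand-alone run over the constructed data.
check_vulnerable "$ADVISORIES" "$INSTALLED" || true
```

The non-zero exit status lets a daily job decide whether to include the output in its report.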