Date: Sun, 10 Oct 2004 16:39:51 -0500 (CDT)
From: Mark Linimon <linimon@lonesome.com>
To: Jon Noack <noackjr@alumni.rice.edu>
Cc: Dick Davies <rasputnik@hellooperator.net>
Subject: Re: ports freeze and portaudit alerts
Message-ID: <Pine.LNX.4.44.0410101633260.20983-100000@pancho>
In-Reply-To: <4169A79B.7090009@alumni.rice.edu>

On Sun, 10 Oct 2004, Jon Noack wrote:

> > I just wondered if there is a policy to not upgrade ports under any
> > circumstances, or if this is just an oversight? I can imagine this
> > would make me very twitchy if I was running production boxes during a
> > freeze.... or have I missed something, and this doesn't affect 4.* users?
>
> Updates for security issues generally happen very promptly during ports
> freezes. I think these cases are just oversight, either in the
> reporting of updates (Mozilla/Firefox) or the actual updating itself (CUPS).

As far as I know, all of the security-related commit requests that have
been forwarded to portmgr have been approved, as well as all the
license-related changes and most of the build failure fixes. The
functionality fixes take a little bit longer to be responded to as we
try to figure out 'how critical' they are (there appear to be no
submissions to portmgr that 'aren't critical', at least to the
submitter :-) )

I figure that around 150-200 requests have come in during the freeze and
that 80% have been approved.

With all those, we haven't made an effort to go track down any other
security-related PRs in the database. Perhaps we should have, but as you
can tell there has been no lack of things to do otherwise ...

mcl