From owner-freebsd-current@FreeBSD.ORG  Sun Oct 10 21:39:54 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9F2CA16A53C; Sun, 10 Oct 2004 21:39:51 +0000 (GMT)
Received: from mail.soaustin.net (mail.soaustin.net [207.200.4.66])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8A9A243D3F; Sun, 10 Oct 2004 21:39:51 +0000 (GMT)
	(envelope-from linimon@lonesome.com)
Received: by mail.soaustin.net (Postfix, from userid 502)
	id 374B6148D7; Sun, 10 Oct 2004 16:39:51 -0500 (CDT)
Date: Sun, 10 Oct 2004 16:39:51 -0500 (CDT)
From: Mark Linimon <linimon@lonesome.com>
X-X-Sender: linimon@pancho
To: Jon Noack <noackjr@alumni.rice.edu>
In-Reply-To: <4169A79B.7090009@alumni.rice.edu>
Message-ID: <Pine.LNX.4.44.0410101633260.20983-100000@pancho>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mailman-Approved-At: Mon, 11 Oct 2004 11:56:51 +0000
cc: nectar@freebsd.org
cc: FreeBSD Current <freebsd-current@freebsd.org>
cc: Dick Davies <rasputnik@hellooperator.net>
Subject: Re: ports freeze and portaudit alerts
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Oct 2004 21:39:54 -0000

On Sun, 10 Oct 2004, Jon Noack wrote:

> > I just wondered if there is a policy to not upgrade ports under any
> > circumstances, or if this is just an oversight? I can imagine this
> > would make me very twitchy if I was running production boxes during a
> > freeze.... or have I missed something, and this doesn't affect 4.* users?
> 
> Updates for security issues generally happen very promptly during ports 
> freezes.  I think these cases are just oversight, either in the 
> reporting of updates (Mozilla/Firefox) or the actual updating itself (CUPS).

As far as I know, all of the security-related commit requests that
have been forwarded to portmgr have been approved, as well as all the
license-related changes and most of the build failure fixes.

The functionality fixes take a little bit longer to be responded to
as we try to figure out 'how critical' they are (there appear to be
no submissions to portmgr that 'aren't critical', at least to the
submitter :-) )

I figure that around 150-200 requests have come in during the freeze
and that 80% have been approved.

With all those, we haven't made an effort to go track down any
other security-related PRs in the database.  Perhaps we should
have, but as you can tell there has been no lack of things to
do otherwise ...

mcl