Date: Wed, 12 Dec 2012 08:57:32 +0100 From: Matthias Andree <mandree@FreeBSD.org> To: freebsd-ports@freebsd.org, Bryan Drewery <bdrewery@freebsd.org> Subject: Re: [RFC/HEADSUP] portmaster default -w (preserve shared libraries) Message-ID: <50C838EC.4000907@FreeBSD.org> In-Reply-To: <CADLFtte9kaBKUaxZvWzrJ4Bxoh_kAd=1CcQ3t2qUkE=TjyYEhQ@mail.gmail.com> References: <50C7576C.5040100@FreeBSD.org> <CA%2B7WWScXnLqW=5kuG9_1Tj6aYptUJeUQY-64zzvTtEGVcVK9Cg@mail.gmail.com> <CADLFtte=_oGVySzkUP%2BqSMHa=qU4k2uMZMA01ESgfYnEkunKdg@mail.gmail.com> <50C762C4.9080302@FreeBSD.org> <CADLo838vaR2bXme4bFC=toFagL0--2F0vjCi61Fr_RYMixkRsw@mail.gmail.com> <CADLFtte9kaBKUaxZvWzrJ4Bxoh_kAd=1CcQ3t2qUkE=TjyYEhQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 11.12.2012 20:34, schrieb Jeremy Messenger: > If can't update all ports then please wait until when you can. I never > have any problem to update all ports at a time by ran it over night > time. Or even better, use packages if you can't afford the ports > system. This is ridiculous. We know that there have been extended (months!) periods where we were stuck because all useful versions of some important library had security vulnerabilities. The last pain I recollect was libxul. Old version vulnerable, no new version, and then when the new version was around, some dependencies did not work with libxul-10*. This would in effect have meant "no update for months". Bryan, practially, I propose that portmaster should - list stored libraries on each and every run, and ask that the user updates those ports that use the old, saved, libraries, pointing to bsdadminutils and pkg_libchk. - we may need to save more than just the .so files, namely, the origin and portname of a saved library so that portmaster can run portaudit against those names to complain about security issues in saved libraries.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50C838EC.4000907>