Date: Mon, 12 Nov 2018 22:06:25 +0000 From: Karl Pielorz <kpielorz_lst@tdx.co.uk> To: Matthew Seaman <matthew@FreeBSD.org>, freebsd-ports@freebsd.org Subject: Re: pkg falls behind port version - how do ports become pkg's? Message-ID: <43B43CB95D1C6114A9D2CE0F@Mac-mini.local> In-Reply-To: <cf8e4306-3646-1698-ea93-975b455f6913@FreeBSD.org> References: <09E24A9CF2EF0A4276923670@[10.12.30.106]> <cf8e4306-3646-1698-ea93-975b455f6913@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--On 12 November 2018 at 16:20:52 +0000 Matthew Seaman <matthew@FreeBSD.org> wrote: Hi - thanks for your reply, and detailed info on ports / pkg behind the scenes! > If it's 'quarterly' (which is the default) then you'll not get an update > until the beginning of the next quarter -- which would be the start of > January 2019. The exception to this is when there's a security fix for > the package in question, which should appear within a day or so. Ok - all the systems here are on quarterly. I've just switched one to 'latest' - and, indeed - mysql56-server pkg installed is 5.6.42 - which appears to address the 30+ CVE's that 5.6.41 has tagged against it. > Nope. Official packages are built on the official package building > cluster. I'd guess that's the mythical Poudriere? ;) > The certainly aren't built by random port maintainers who may > be of particularly uncertain provenance and are not absolutely guaranteed > to have your best interests at heart.[*] >From what I can see mysql56-server in quarterly really does need updating to fix the CVE's - so who am I best emailing to ask if mysql56-server/client could be updated on security grounds? Thanks again, -Karl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43B43CB95D1C6114A9D2CE0F>