From owner-freebsd-ports@freebsd.org Mon Nov 12 22:06:29 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DBFED1124BBB for ; Mon, 12 Nov 2018 22:06:29 +0000 (UTC) (envelope-from kpielorz_lst@tdx.co.uk) Received: from smtp.krpservers.com (smtp.krpservers.com [62.13.128.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.krpservers.com", Issuer "RapidSSL RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1D7B386AE6; Mon, 12 Nov 2018 22:06:28 +0000 (UTC) (envelope-from kpielorz_lst@tdx.co.uk) Received: from [192.168.42.118] (vo.getonline.co.uk [62.13.128.251]) (authenticated bits=0) by smtp.krpservers.com (8.15.2/8.15.2) with ESMTPSA id wACM6Q25029602 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 12 Nov 2018 22:06:27 GMT (envelope-from kpielorz_lst@tdx.co.uk) Date: Mon, 12 Nov 2018 22:06:25 +0000 From: Karl Pielorz To: Matthew Seaman , freebsd-ports@freebsd.org Subject: Re: pkg falls behind port version - how do ports become pkg's? Message-ID: <43B43CB95D1C6114A9D2CE0F@Mac-mini.local> In-Reply-To: References: <09E24A9CF2EF0A4276923670@[10.12.30.106]> X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Rspamd-Queue-Id: 1D7B386AE6 X-Spamd-Result: default: False [-2.72 / 200.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:smtp.krpservers.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-0.02)[country: GB(-0.10)]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; MX_GOOD(-0.01)[cached: mx0.krpservers.com]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[tdx.co.uk,none]; NEURAL_HAM_SHORT(-0.89)[-0.893,0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:60969, ipnet:62.13.128.0/24, country:GB]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2018 22:06:30 -0000 --On 12 November 2018 at 16:20:52 +0000 Matthew Seaman wrote: Hi - thanks for your reply, and detailed info on ports / pkg behind the scenes! > If it's 'quarterly' (which is the default) then you'll not get an update > until the beginning of the next quarter -- which would be the start of > January 2019. The exception to this is when there's a security fix for > the package in question, which should appear within a day or so. Ok - all the systems here are on quarterly. I've just switched one to 'latest' - and, indeed - mysql56-server pkg installed is 5.6.42 - which appears to address the 30+ CVE's that 5.6.41 has tagged against it. > Nope. Official packages are built on the official package building > cluster. I'd guess that's the mythical Poudriere? ;) > The certainly aren't built by random port maintainers who may > be of particularly uncertain provenance and are not absolutely guaranteed > to have your best interests at heart.[*] >From what I can see mysql56-server in quarterly really does need updating to fix the CVE's - so who am I best emailing to ask if mysql56-server/client could be updated on security grounds? Thanks again, -Karl