From: Melvyn Sopacua
To: freebsd-stable@freebsd.org
Date: Tue, 20 Dec 2005 12:15:30 +0100
Subject: Re: ports security branch
Message-Id: <200512201215.30165.freebsd.stable@melvyn.homeunix.org>
In-Reply-To: <20051220110315.GA66112@melkor.kh405.net>

On Tuesday 20 December 2005 12:03, Marwan Burelle wrote:
> Relying on the maintainer work is a good starting point, you may trust
> him for doing only the needed updates for those ports that require
> security concerns. But even here, major updates of widely used libs
> imply rebuild of most of the ports, even when no security issue
> arises.

No it doesn't. Only with static linking or when interfaces changed, which is not always the case.
The fact that the gnome project is fond of changing library versions with every release doesn't mean there aren't sane projects. Typically security patches do not update library versions, although it is possible if the interface is insecure by design.

Example: freetype was updated

wc -l /var/db/pkg/freetype2-2.1.10_2/+REQUIRED_BY
     111 /var/db/pkg/freetype2-2.1.10_2/+REQUIRED_BY

Not a single port rebuilt, 111 packages re-packed, but that's it.

-- 
Melvyn Sopacua
freebsd.stable@melvyn.homeunix.org

FreeBSD 6.0-STABLE
Qt: 3.3.5
KDE: 3.4.3
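
The check argued for in the message above, as an added example that is not part of the original post: dependents listed in +REQUIRED_BY need a rebuild only when the updated package no longer ships a versioned library the old one did. It assumes the pkg_install packing list (+CONTENTS, kept beside +REQUIRED_BY) and treats the library file name as the interface version; the function names, package contents and dependent names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All package data below is constructed for illustration.

# Print the versioned shared libraries (libNAME.so.N) named in a packing list.
sonames() {
    sed -n 's|^[^@].*/\(lib[^/]*\.so\.[0-9][0-9]*\)$|\1|p' "$1" | sort -u
}

# Usage: dependents_to_rebuild OLD_CONTENTS NEW_CONTENTS REQUIRED_BY
# Prints every dependent if a library shipped by the old package is missing
# from the new one (interface change); prints nothing otherwise.
dependents_to_rebuild() {
    new_libs=$(sonames "$2")
    for lib in $(sonames "$1"); do
        printf '%s\n' "$new_libs" | grep -Fxq "$lib" || { cat "$3"; return 0; }
    done
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Constructed packing list for the package before the update.
cat > "$work/old.contents" <<'EOF'
@name freetype2-2.1.10_1
@cwd /usr/local
lib/libfreetype.a
lib/libfreetype.so
lib/libfreetype.so.9
EOF
# Security update: same library version, so the interface is unchanged.
sed 's/2\.1\.10_1/2.1.10_2/' "$work/old.contents" > "$work/patched.contents"
# Hypothetical update that bumps the library version.
sed 's/\.so\.9$/.so.10/' "$work/old.contents" > "$work/bumped.contents"
# Constructed stand-in for +REQUIRED_BY (one dependent package per line).
printf '%s\n' appA-1.0 appB-2.3 appC-0.9 > "$work/required_by"

for new in patched bumped; do
    n=$(dependents_to_rebuild "$work/old.contents" "$work/$new.contents" \
        "$work/required_by" | wc -l)
    echo "$new: $n dependents to rebuild"
done
```

Statically linked dependents are not covered by this check and still need a rebuild after a library fix.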