From owner-freebsd-stable@FreeBSD.ORG Tue Dec 20 12:21:24 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B21AB16A41F for ; Tue, 20 Dec 2005 12:21:24 +0000 (GMT) (envelope-from freebsd.stable@melvyn.homeunix.org) Received: from sarevok.lan.melvyn.homeunix.org (i153153.upc-i.chello.nl [62.195.153.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 77EE443D75 for ; Tue, 20 Dec 2005 12:21:15 +0000 (GMT) (envelope-from freebsd.stable@melvyn.homeunix.org) Received: by sarevok.lan.melvyn.homeunix.org (Postfix, from userid 100) id 59D9811454; Tue, 20 Dec 2005 13:21:13 +0100 (CET) From: Melvyn Sopacua To: freebsd-stable@freebsd.org Date: Tue, 20 Dec 2005 13:21:13 +0100 User-Agent: KMail/1.8.3 References: <43A7A3F7.7060500@mail.ru> <200512201215.30165.freebsd.stable@melvyn.homeunix.org> <20051220113907.GB66112@melkor.kh405.net> In-Reply-To: <20051220113907.GB66112@melkor.kh405.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200512201321.13197.freebsd.stable@melvyn.homeunix.org> Subject: Re: ports security branch X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Dec 2005 12:21:24 -0000 On Tuesday 20 December 2005 12:39, Marwan Burelle wrote: > The point is not that this is always true, but that you have to handle > those kinds of problems if you want to maintain a security branch for > ports. The point is, that it is irrelevant. Ports are independant of the base system. There is no need for a security branch of the ports tree. The ports that rely on specifics in the base system, handle it themselves via BROKEN, FreeBSD_version and friends. The ports tree is only tagged for a specific release, so that release cdroms can be made. The only thing that makes sense is pre-compiled packages being updated for security branches of the base system - but, that is only worth-while if there's a large enough userbase that has an /etc/make.conf without NO_ flags. Since for example I have no need for Kerberos, I cannot use the FreeBSD provided packages for the ones that make sense, as they all link libgssapi (subversion pulls it in through www/neon, smbclient because of ports/90238 and thus kde*). -- Melvyn Sopacua freebsd.stable@melvyn.homeunix.org FreeBSD 6.0-STABLE Qt: 3.3.5 KDE: 3.4.3