Date: Fri, 23 Nov 2012 05:37:56 -0600 From: ajtiM <lumiwa@gmail.com> To: freebsd-ports@freebsd.org Subject: Re: Opera vulnerability, marked forbidden instead of update? Message-ID: <201211230537.57266.lumiwa@gmail.com> In-Reply-To: <50AF3B4B.9030704@freebsd.org> References: <20121123092631.3b0aff2f0902e02098c273b4@alkumuna.eu> <50AF3B4B.9030704@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 23 November 2012 03:00:59 Matthew Seaman wrote: > On 23/11/2012 08:26, Matthieu Volat wrote: > > I've noticed that www/opera was marked FORBIDDEN because of a security > > hole: > > http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-h > > ead > > > > The opera software compagny advisory indeed mark this bug as high > > severity, and mention that there is an update to fix it. > > > > I am not familiar with the security process in ports, but would not it be > > better to update the version? Marking it FORBIDDEN do not do much for > > the userbase that does already have it installed. > > > > I've bumped the versions in the Makefile > > OPERA_VER?= 12.11 > > OPERA_BUILD?= 1661 > > and made a `make makesum reinstall`, there was no apparent problem. > > Marking a port 'FORBIDDEN' is a quick response measure that can be done > without having to worry about time consuming testing the of port and so > forth. It's an interim measure taken to ensure that users do not > unwittingly install software with known vulnerabilities. > > Yes, updating the port to a non-vulnerable version is the ideal > response, but that may not be possible to do straight away. You've > sketched out the first couple of steps a port maintainer would take, but > that 'there was no apparent problem' statement would need to be backed > up by some more rigorous testing before a maintainer would feel > confident in committing the update. > > Cheers, > > Matthew I did the same and I don't have problems... Mitja -------- http://www.redbubble.com/people/lumiwa
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211230537.57266.lumiwa>