From owner-freebsd-ports@FreeBSD.ORG  Thu Dec 13 16:56:42 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id B3AF3E4
 for <freebsd-ports@freebsd.org>; Thu, 13 Dec 2012 16:56:42 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 88C758FC1F
 for <freebsd-ports@freebsd.org>; Thu, 13 Dec 2012 16:56:42 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qBDGugZ4080497
 for <freebsd-ports@freebsd.org>; Thu, 13 Dec 2012 16:56:42 GMT
 (envelope-from bdrewery@freefall.freebsd.org)
Received: (from bdrewery@localhost)
 by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qBDGugS4080494
 for freebsd-ports@freebsd.org; Thu, 13 Dec 2012 16:56:42 GMT
 (envelope-from bdrewery)
Received: (qmail 26277 invoked from network); 13 Dec 2012 10:56:40 -0600
Received: from unknown (HELO ?192.168.0.74?) (freebsd@shatow.net@74.94.87.209)
 by sweb.xzibition.com with ESMTPA; 13 Dec 2012 10:56:40 -0600
Message-ID: <50CA08C5.7060901@FreeBSD.org>
Date: Thu, 13 Dec 2012 10:56:37 -0600
From: Bryan Drewery <bdrewery@freebsd.org>
Organization: FreeBSD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Matthias Andree <mandree@freebsd.org>
Subject: Re: [RFC/HEADSUP] portmaster default -w (preserve shared libraries)
References: <50C7576C.5040100@FreeBSD.org>
 <CA+7WWScXnLqW=5kuG9_1Tj6aYptUJeUQY-64zzvTtEGVcVK9Cg@mail.gmail.com>
 <CADLFtte=_oGVySzkUP+qSMHa=qU4k2uMZMA01ESgfYnEkunKdg@mail.gmail.com>
 <50C762C4.9080302@FreeBSD.org>
 <CADLo838vaR2bXme4bFC=toFagL0--2F0vjCi61Fr_RYMixkRsw@mail.gmail.com>
 <CADLFtte9kaBKUaxZvWzrJ4Bxoh_kAd=1CcQ3t2qUkE=TjyYEhQ@mail.gmail.com>
 <50C838EC.4000907@FreeBSD.org>
In-Reply-To: <50C838EC.4000907@FreeBSD.org>
X-Enigmail-Version: 1.4.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig55B9D074C162579E4312E076"
Cc: freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2012 16:56:42 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig55B9D074C162579E4312E076
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/12/2012 1:57 AM, Matthias Andree wrote:
> Am 11.12.2012 20:34, schrieb Jeremy Messenger:
>=20
>> If can't update all ports then please wait until when you can. I never=

>> have any problem to update all ports at a time by ran it over night
>> time. Or even better, use packages if you can't afford the ports
>> system.
>=20
> This is ridiculous. We know that there have been extended (months!)
> periods where we were stuck because all useful versions of some
> important library had security vulnerabilities.  The last pain I
> recollect was libxul.  Old version vulnerable, no new version, and then=

> when the new version was around, some dependencies did not work with
> libxul-10*.  This would in effect have meant "no update for months".
>=20
>=20
> Bryan, practially, I propose that portmaster should
>=20
> - list stored libraries on each and every run, and ask that the user
> updates those ports that use the old, saved, libraries, pointing to
> bsdadminutils and pkg_libchk.
>=20
> - we may need to save more than just the .so files, namely, the origin
> and portname of a saved library so that portmaster can run portaudit
> against those names to complain about security issues in saved librarie=
s.
>=20

Good points and ideas. I will keep those in mind.

--=20
Regards,
Bryan Drewery
bdrewery@freenode/EFNet


--------------enig55B9D074C162579E4312E076
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQygjJAAoJEG54KsA8mwz57EEQAIznkMtZPMC1YHRP6VeOnDS/
TqyjYLtnXxxSY2oevowTcAkP8WwCc78lcT2nCK/iMcR9mfAL74phxh1XGfNoIBth
jZpgDSLjXp/rL5N2r1y682PuZ1q8zkKGukyJO8rqASdxOYQURF2ZEAlGFBmo9jiX
ILN1oeSF5F17Kwxg9oiILouT7C5X+LYS8LVhmo79LzT36aGwWRA1JQ78thQPg5fW
9BIehjBSib4Bj2pCLbl4ca+nSWv1hUuyIe1lToct4M+Uixm04hSIXvxJJCg2Ap/a
JiolMNcDLhcZVFjmKRpJ9BhA1ujasD1lJeQAbHXt12RgGkOm6+j2rBFt08N/iHai
gxFs3fP5fTkWIcnKDsOZ6Ymf1gKdOy3ruWZoLy8By08ySl+9EkfuAXFtxYlLglMS
CUOPUxvTeLocS/BpaoHklJvWiQMKdS4aREPeJtFaTBFIsS6P8Hh6oP2cz2xeAZvA
gNhjvSp92lpX6kNv7aHwffkKqsUXgnkjcR9S3sy4CqAUhOeaqcoSxbGeTfiWSdWh
q+DEaSYqJER83oiaysUgVwWJK4mC/n53xxe1+JX2s9L5sLv/WrGD6eu+PXMKfgJ0
CYwrRhw/6NOreLxKTCUzzInPju06xA9v11Bfss8AyztrjUHGFFlNSDv8t0NIpOA9
Slrbh+dJR/ZwkdBBgPy9
=ESC2
-----END PGP SIGNATURE-----

--------------enig55B9D074C162579E4312E076--