From owner-freebsd-ports@FreeBSD.ORG Tue Sep 19 22:18:19 2006 Return-Path: X-Original-To: freebsd-ports@freebsd.org Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8FF5716A416 for ; Tue, 19 Sep 2006 22:18:19 +0000 (UTC) (envelope-from sailorfred@yahoo.com) Received: from web31813.mail.mud.yahoo.com (web31813.mail.mud.yahoo.com [68.142.207.76]) by mx1.FreeBSD.org (Postfix) with SMTP id BF30E43D45 for ; Tue, 19 Sep 2006 22:18:08 +0000 (GMT) (envelope-from sailorfred@yahoo.com) Received: (qmail 17150 invoked by uid 60001); 19 Sep 2006 22:18:06 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=GApgxv32ldqurb1MF35j3v5MBcP8xyA49TMv84TmwfqpDYissFSlOn5feJ79tx3vTsrZBR2XHM+KA+qYZlCeB6PAJc4Wwf87sWm12Uhxbrs05oMKJ8QrrCPurM+Ss8Bb1ehc2V+Tr5ep4BSFsMQrdbLmfhrjET++Bko3UXFUbRU= ; Message-ID: <20060919221806.17148.qmail@web31813.mail.mud.yahoo.com> Received: from [64.18.7.193] by web31813.mail.mud.yahoo.com via HTTP; Tue, 19 Sep 2006 15:18:01 PDT Date: Tue, 19 Sep 2006 15:18:01 -0700 (PDT) From: Fred Cox To: Kris Kennaway In-Reply-To: <20060919220905.GA49727@xor.obsecurity.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-ports@freebsd.org, Kris Kennaway Subject: Re: www/dotproject out of date and vulnerable X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2006 22:18:19 -0000 It's current state is that it will install a vulnerable version with either the installed php and mysql client or php5 and mysql5. In the latter case, there are many bugs in the installed port. If I submit what I have now, it will install the updated version with PHP4. The user will still have to track down the mysql problem until I can do the right thing, but there will be a period of time while I learn about making a port from scratch. I'm trying to get a read on whether imperfect improvement is worth checking in, or whether the typical thing is to wait for perfection, even if that might take a while. Thanks, Fred --- Kris Kennaway wrote: > On Tue, Sep 19, 2006 at 02:42:37PM -0700, Fred Cox > wrote: > > Would you recommend doing the partial job of > updating > > the port for the vulnerability and requiring PHP4 > > while I work on the ultimate solution? > > It will result in a broken port unless you can > address the mysql > thing - there's no way around it. > > Kris > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com