Date:      Mon, 26 Mar 2012 09:26:31 +0200
From:      Radim Kolar <hsn@filez.com>
To:        Chris Rees <utisoft@gmail.com>
Cc:        ports@freebsd.org, pgsql@freebsd.org
Subject:   Re: Postgresql 8.2 branch - keep it in tree
Message-ID:  <4F701A27.6010806@filez.com>
In-Reply-To: <CADLo83-Lxk3c=NJm3bLhZhNfc%2BdArNa%2B7NDVBKCmGKZV9X7A2w@mail.gmail.com>
References:  <4F6F14AF.9070501@filez.com> <CADLo83-Lxk3c=NJm3bLhZhNfc%2BdArNa%2B7NDVBKCmGKZV9X7A2w@mail.gmail.com>

> I'm afraid it's not only end of life by upstream, but also vulnerable
> in more than one CVE, and will not be fixed.

CVE Yes, but if you need a particular DB version for your app, the user will
install it anyway. From a security point of view it does not matter
if he installs it from ports or not.

> Can you give more detail on exactly what you are trying to do?
>
According to the app supplier it does not work in newer pgsql because:
1. Tsearch2 module changed
2. system catalogue changed
3. string escaping is slightly different

There are no plans to update the application to a newer pgsql at this moment.
A similar problem will be with postgresql 8.3. It is the only known version
which works with Hyperic HQ; Hibernate complains on other versions -
"cant store XXXX class".

2) Booting tomcat 5.5 from the tree is the same problem. It will still be in
use for years, supported upstream or not. Most Java apps today are still
for tomcat 5.5.

People don't care about CVEs, they care about applications. Mark these
ports as vulnerable, but keep them in the ports tree.


