Date: Mon, 26 Mar 2012 09:26:31 +0200 From: Radim Kolar <hsn@filez.com> To: Chris Rees <utisoft@gmail.com> Cc: ports@freebsd.org, pgsql@freebsd.org Subject: Re: Postgresql 8.2 branch - keep it in tree Message-ID: <4F701A27.6010806@filez.com> In-Reply-To: <CADLo83-Lxk3c=NJm3bLhZhNfc%2BdArNa%2B7NDVBKCmGKZV9X7A2w@mail.gmail.com> References: <4F6F14AF.9070501@filez.com> <CADLo83-Lxk3c=NJm3bLhZhNfc%2BdArNa%2B7NDVBKCmGKZV9X7A2w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm afraid it's not only end of life by upstream, but also vulnerable in more than one CVE, and will not be fixed. CVE Yes, but if you need particular DB version for your app, user will install it anyway. For security related point of view it does not matter if he installs it from ports or not. > Can you give more detail on exactly what you are trying to do? > According to app supplier it does not work in newer pgsql because: 1. Tsearch2 module changed 2. system catalogue changed 3. string escaping is slightly different There are no plans to update application to newer pgsql at this moment. Similar problem will be with postgresql 8.3. It is only known version which works with hyperic hq, hibernate complains on other version - "cant store XXXX class". 2) Booting tomcat 5.5 from tree is the same problem. It will be still in use for years, supported upstream or not. Most java apps today are still for tomcat 5.5 People dont care about CVE, they care about applications. Mark these ports as vulnerable, but keep them in port tree.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F701A27.6010806>