From owner-freebsd-security@FreeBSD.ORG Fri Sep 26 21:18:12 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 75CDCDB4 for ; Fri, 26 Sep 2014 21:18:12 +0000 (UTC) Received: from mail-pd0-x236.google.com (mail-pd0-x236.google.com [IPv6:2607:f8b0:400e:c02::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 463B19CC for ; Fri, 26 Sep 2014 21:18:12 +0000 (UTC) Received: by mail-pd0-f182.google.com with SMTP id y10so1794286pdj.13 for ; Fri, 26 Sep 2014 14:18:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=oayiZoeZgH7LIe41+ew+nTdTgLd9T61IyIIiiX5D2yA=; b=uEOyxOpAf46gQPgpFE3TeZ8PmnpbaDAiUmNK0UW4sU8oOf4++tZBPTTHyg0wsvON0E 3hVHdn+mOe79TLHIGQ3cOPZKdslkJ3nEEFxWSRpTGXWXdUedAvKGNpvX075YXFOMH/x1 7CAQTRsJaTWtIfr10SbTrXlrH4I3J9dC0J0wgu35d/Cm7mjdL0cWV4PeCwQdPaty2KSY 1U52/V6af6V0uMFcc6FRIv2Gl7xRiYOEfjWDgsNKG4DlUA+t8KprreBXVDEN2n1I8dKv 8H+9iCknPK9cFnAgevWW/BYiE+6a62rb+TTlQjt/oluR/QevqKwKTqCivCwO9l83pdUO 39tQ== X-Received: by 10.70.131.13 with SMTP id oi13mr40713020pdb.23.1411766291775; Fri, 26 Sep 2014 14:18:11 -0700 (PDT) Received: from [10.0.1.31] (wsip-24-234-41-175.lv.lv.cox.net. [24.234.41.175]) by mx.google.com with ESMTPSA id rg1sm5787120pdb.14.2014.09.26.14.18.10 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Sep 2014 14:18:11 -0700 (PDT) Message-ID: <5425D80E.9000909@gmail.com> Date: Fri, 26 Sep 2014 14:18:06 -0700 From: Jungle Boogie User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: pkg repositories out of alignment References: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <20140925193555.GB28430@satori.lan> <20140926123803.GA30925@zxy.spb.ru> <1411761303.37126.172207289.07A402AF@webmail.messagingengine.com> In-Reply-To: <1411761303.37126.172207289.07A402AF@webmail.messagingengine.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 21:18:12 -0000 Dear Mark, -------------------------------------------- From: Mark Felder Sent: Fri, 26 Sep 2014 14:55:03 -0500 To: freebsd-security@freebsd.org Subject: Re: pkg repositories out of alignment (was: Re: bash velnerability) > > On Fri, Sep 26, 2014, at 10:25, Paul Hoffman wrote: >> >> I appreciate the speed that folks update the packages; I'm a bit >> distressed that 9.3 seems to be a second-class citizen for security >> fixes. (And I totally admit that I could be misreading the situation.) >> > > (speaking strictly as a consumer of the pkg repository) > > I am not aware of any other packages with security vulnerabilities that > have been updated on the repository outside of the planned once-a-week > schedule. This means if the package set is built and published and > immediately thereafter a vulnerability comes out for www/chromium, don't > expect to see the update until next week. But how do other operating systems build or patch new applications so quickly and make it available in a pkg manner? > > FYI, the repositories are built sequentially and I don't think there's a > preference of a certain release over another. They're working hard to > get these updated packages out the door as fast as possible. Is is alphabetical order? If so B should be coming up soon! ;) -- inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp: jungle-boogie@jit.si