Date: Tue, 19 Sep 2006 15:18:01 -0700 (PDT) From: Fred Cox <sailorfred@yahoo.com> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-ports@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060919221806.17148.qmail@web31813.mail.mud.yahoo.com> In-Reply-To: <20060919220905.GA49727@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
It's current state is that it will install a vulnerable version with either the installed php and mysql client or php5 and mysql5. In the latter case, there are many bugs in the installed port. If I submit what I have now, it will install the updated version with PHP4. The user will still have to track down the mysql problem until I can do the right thing, but there will be a period of time while I learn about making a port from scratch. I'm trying to get a read on whether imperfect improvement is worth checking in, or whether the typical thing is to wait for perfection, even if that might take a while. Thanks, Fred --- Kris Kennaway <kris@obsecurity.org> wrote: > On Tue, Sep 19, 2006 at 02:42:37PM -0700, Fred Cox > wrote: > > Would you recommend doing the partial job of > updating > > the port for the vulnerability and requiring PHP4 > > while I work on the ultimate solution? > > It will result in a broken port unless you can > address the mysql > thing - there's no way around it. > > Kris > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060919221806.17148.qmail>