Date: Tue, 16 Jan 2007 13:10:34 +0800 From: LI Xin <delphij@delphij.net> To: Stevan Tiefert <stevan-tiefert@t-online.de> Cc: freebsd-chat@freebsd.org Subject: Re: Security Patches for Port Applications in Releases Message-ID: <45AC5E4A.3060008@delphij.net> In-Reply-To: <200701160525.22382.stevan-tiefert@t-online.de> References: <200701160525.22382.stevan-tiefert@t-online.de>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Stevan Tiefert wrote: > Hello list, > > I installed the new release 6.2 on my workstation. I installed also > portaudit > and run it immediatly afterwards. What have I to see? 5 vulnerable > packages > in my release. > > My questions: > - Why can I update FreeBSD with security-patches and the > Release-Packages have > no security-patches? > - What are then the advantages of release-packages/ports to > current-ports if I > can not update release-packages with security-patches? > - Is an security-patch-update-system for release-packages/ports planned? Due to manpower limitation, I think there is no plan to have so-called "security patches for release packages" at this moment. Administrators may use portupgrade's -rRPP option and pass the vulnerable package names to its command line, to install the latest -stable packages, which is usually updated frequently. Cheers, -- Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFrF5KOfuToMruuMARA7haAJwPQBjSRy4znid4A7Lz67drYeJzGQCdG77M hjJqIBGU8vQUy8nRAhfcuLI= =rrnI -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45AC5E4A.3060008>