Date: Tue, 16 Jun 2009 17:34:47 +0200
From: Dominic Fandrey <kamikaze@bsdforen.de>
To: Mel Flynn <mel.flynn+fbsd.ports@mailing.thruhere.net>
Cc: Boris Samorodov <bsam@ipt.ru>, freebsd-ports@freebsd.org
Subject: Re: pkg_libchk: a missing library is not detected
Message-ID: <4A37BB97.8080405@bsdforen.de>
In-Reply-To: <200906151009.19181.mel.flynn%2Bfbsd.ports@mailing.thruhere.net>
References: <88733235@bb.ipt.ru> <4A36288D.2080402@bsdforen.de> <200906151009.19181.mel.flynn%2Bfbsd.ports@mailing.thruhere.net>

Mel Flynn wrote:
> On Monday 15 June 2009 02:55:09 Dominic Fandrey wrote:
>> Sorry for the late reply, this was auto-sorted into the ports@ mails
>> and drowned there.
>>
>> Boris Samorodov wrote:
>
>>> As I understand pkg_upgrade does not preserve old libraries at
>>> /usr/local/lib/compat?
>> That's true. I consider this common approach a security risk.
>
> It is a service interruption to delete libraries that are still used and this
> can also lead to security problems.
> However, pkg_upgrade cannot ever hope to fix this problem, because the
> buildservers do not unconditionally rebuild packages that mention the upgraded
> port in LIB_DEPENDS, therefore it is better to leave these shared libraries
> around.

To me something not working seems to be less of a security problem than
linking to a vulnerable library.

>> To ensure that you get the newest packages wipe
>> /usr/ports/packages/All.
>
> Erm, the download time associated with that approach doesn't really speed up
> things, nor does it guarantee that you will have working binaries if the port
> maintainer forgot to version bump a port.

Well, you don't ever need them again after having them installed once, so
I don't see the problem. And at least from pointyhead I've never had broken
linking, even when the package was not version bumped, so I think there's
some kind of human intervention, or I was lucky.

Proper version bumping solves both problems, though, and it is rarely
forgotten lately. So the issue is much smaller now than it would have
been a couple of years ago.

Also I do not see a way for my tool to handle this in any acceptable way.
If you've got an idea, go ahead and tell me. I actually want to deal with
as many problems as possible without user intervention. It's about making
life easier, after all.
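
Added example, not part of the original message and not code from pkg_libchk or pkg_upgrade: an sh filter over ldd output that reports the two cases the thread weighs against each other, a binary still resolving a library from /usr/local/lib/compat and a binary whose library is not found. The sample ldd output and binary names are constructed, and the ldd line layout is assumed to be the usual "name => path (address)" form.

```shell
#!/bin/sh
# Directory for preserved old libraries, as named in the thread.
COMPAT_DIR="${COMPAT_DIR:-/usr/local/lib/compat}"

# Read ldd output on stdin; print "STATUS<TAB>binary<TAB>library" per finding.
#   COMPAT  - the library resolves to a preserved copy under COMPAT_DIR
#   MISSING - the runtime linker cannot find the library at all
classify_ldd() {
    awk -v compat="$COMPAT_DIR" '
        # ldd prints "/path/to/binary:" before each binary when given several
        /^[^ \t].*:$/ { bin = substr($0, 1, length($0) - 1); next }
        $2 == "=>" && $3 == "not" && $4 == "found" {
            printf "MISSING\t%s\t%s\n", bin, $1; next
        }
        # Match the directory plus "/" so lib/compatfoo is not flagged
        $2 == "=>" && index($3, compat "/") == 1 {
            printf "COMPAT\t%s\t%s\n", bin, $3
        }
    '
}

# Constructed ldd output: one binary on a compat library, one with a
# missing library, one clean.
sample_ldd() {
cat <<'EOF'
/usr/local/bin/example-a:
    libexample.so.1 => /usr/local/lib/compat/libexample.so.1 (0x800600000)
    libc.so.7 => /lib/libc.so.7 (0x800800000)
/usr/local/bin/example-b:
    libgone.so.3 => not found (0)
    libc.so.7 => /lib/libc.so.7 (0x800800000)
/usr/local/bin/example-c:
    libother.so.2 => /usr/local/lib/libother.so.2 (0x800600000)
EOF
}

sample_ldd | classify_ldd
```

On a live system the same filter can be fed with `ldd /usr/local/bin/* 2>/dev/null | classify_ldd`; every COMPAT line is a binary that keeps running on an old library version and is a candidate for rebuilding.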