On Sun, 10 Oct 2004, Jon Noack wrote: > > I just wondered if there is a policy to not upgrade ports under any > > circumstances, or if this is just an oversight? I can imagine this > > would make me very twitchy if I was running production boxes during a > > freeze.... or have I missed something, and this doesn't affect 4.* users? > > Updates for security issues generally happen very promptly during ports > freezes. I think these cases are just oversight, either in the > reporting of updates (Mozilla/Firefox) or the actual updating itself (CUPS). As far as I know, all of the security-related commit requests that have been forwarded to portmgr have been approved, as well as all the license-related changes and most of the build failure fixes. The functionality fixes take a little bit longer to be responded to as we try to figure out 'how critical' they are (there appear to be no submissions to portmgr that 'aren't critical', at least to the submitter :-) ) I figure that around 150-200 requests have come in during the freeze and that 80% have been approved. With all those, we haven't made an effort to go track down any other security-related PRs in the database. Perhaps we should have, but as you can tell there has been no lack of things to do otherwise ... mclReceived on Sun Oct 10 2004 - 19:39:54 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:16 UTC