Re: ports freeze and portaudit alerts

From: Mark Linimon <linimon_at_lonesome.com>
Date: Sun, 10 Oct 2004 16:39:51 -0500 (CDT)

On Sun, 10 Oct 2004, Jon Noack wrote:

> > I just wondered if there is a policy to not upgrade ports under any
> > circumstances, or if this is just an oversight? I can imagine this
> > would make me very twitchy if I was running production boxes during a
> > freeze.... or have I missed something, and this doesn't affect 4.* users?
> 
> Updates for security issues generally happen very promptly during ports 
> freezes.  I think these cases are just oversight, either in the 
> reporting of updates (Mozilla/Firefox) or the actual updating itself (CUPS).

As far as I know, all of the security-related commit requests that
have been forwarded to portmgr have been approved, as well as all the
license-related changes and most of the build failure fixes.

The functionality fixes take a little bit longer to be responded to
as we try to figure out 'how critical' they are (there appear to be
no submissions to portmgr that 'aren't critical', at least to the
submitter :-) )

I figure that around 150-200 requests have come in during the freeze
and that 80% have been approved.

With all those, we haven't made an effort to go track down any
other security-related PRs in the database.  Perhaps we should
have, but as you can tell there has been no lack of things to
do otherwise ...

mcl
Received on Sun Oct 10 2004 - 19:39:54 UTC
