From owner-freebsd-questions@FreeBSD.ORG Sun Jun 15 16:51:24 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5C23A460 for ; Sun, 15 Jun 2014 16:51:24 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "ca.infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id EE8432A2B for ; Sun, 15 Jun 2014 16:51:23 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s5FGpC5c043844 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Sun, 15 Jun 2014 17:51:14 +0100 (BST) (envelope-from matthew@FreeBSD.org) Authentication-Results: lucid-nonsense.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s5FGpC5c043844 Authentication-Results: smtp.infracaninophile.co.uk/s5FGpC5c043844; dkim=none reason="no signature"; dkim-adsp=none Message-ID: <539DCF00.2030601@FreeBSD.org> Date: Sun, 15 Jun 2014 17:51:12 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Port Changes FAQ References: <20140615022626.7111be2c.freebsd@edvax.de> <20140615100636.GB23568@slackbox.erewhon.home> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ" X-Virus-Scanned: clamav-milter 0.98.3 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jun 2014 16:51:24 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 15/06/2014 14:38, Chris Maness wrote: > Thanks, guys. I like the new pkg (8) command. Will they be > recompiling ports whenever they have been patched against > vulnerabilities? The official pkg sets get updated on a weekly basis -- a snap shot of the ports tree is taken on a Wednesday, and packages are built from that, which generally takes a few days, so new packages are usually available on Saturday. The worst case scenario is that a vulnerability is announced on a Wednesday after the weekly build has begun, so the fixed package wouldn't then appear in the repos until about 10 days later. For a really serious vulnerability with exploits in the wild, I'm sure the usual package building schedule would be modified. It's also the case that portmgr (who are in charge of building the packages) work closely with secteam and ports-secteam so can get advanced warning before vulnerabilities are published. Meaning they could have fixed packages ready when the announcement is made. But that depends on many outside factors, so cannot be relied upon. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTnc8AXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATjbIQAJRKJk10P/pJDrqZB7eqfyOs 9MZZ0XBB/kRCQlG+hz9krlfb9k97XdcpTFIpXXjE5kGWxi+zsgLJA0tHI6wGLTPF P+gkUgXiInCo0ax3hS+AxNLoQlNeF1AuNTi2OUCylZeoKxm5gu7zx0hNAGnaJ/Uy XMsRXuscbF8pi9VuiSiJ26jhkbxh3BLZJ8IT878gnEnx09YKz2jgD2LjeK5Q6wKV e1WDzVKNuUV0ocT/liZPVK1U34xFtwYUx9kiubjvJb7ELryhUR17lB7pImYHdUC1 VaWRJM2al466Sw9N+GN9/uMtE936K2Kfuau202Tl7lZEfU7SVufRYxAJNrxV2EHj UMqVsnwAr/DgyRv1Y7iVuLLxysz9SYqdi9ZAo/NKOahJXRJIWs349RN/AonAXrev 0BPyxdvka3gy9hp8ovvbtHYh4fz07VsNPo9Qi4q6j9AiONY2mseT6umzPOvbudsK 6xh0z6POb4SR8+dUqtRVP1s4O/iS24da5DimHDnF3OvhdbE/KG/tNT+ZL4WiCVtf UyWK58mmSmL12/gWzKYv0YZpATbHXEfSVKnVD5h7leifOljr7fP8hVsahE2PcBbK JF0eEspqW9yWNZfaYoVi8F3gqpZbD0MkbRijHSKOnwDyz91n2juAwyC/HnyqM5SK HfzaiTyMfAB+ISxHNDrW =wLG/ -----END PGP SIGNATURE----- --MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ--