Date: Sun, 15 Jun 2014 14:03:30 -0700 From: Chris Maness <chris@chrismaness.com> To: Matthew Seaman <matthew@freebsd.org>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Port Changes FAQ Message-ID: <CANnsUMEZ8Lfrd%2BdV2kPVJ0T%2BL8vnE8buNmcujq1sFb5AUP=sGA@mail.gmail.com> In-Reply-To: <539DCF00.2030601@FreeBSD.org> References: <CANnsUMGxkDTxVnD_dq5L2SfXtppbYzJsB08kYm1h0zpFkkYMGQ@mail.gmail.com> <20140615022626.7111be2c.freebsd@edvax.de> <20140615100636.GB23568@slackbox.erewhon.home> <CANnsUMFNoueDmhhCOi%2BMwj39-L5oLCgqfBdD=HEm05s2xE9yJQ@mail.gmail.com> <539DCF00.2030601@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, Matt for illuminating this process. Chris On Sun, Jun 15, 2014 at 9:51 AM, Matthew Seaman <matthew@freebsd.org> wrote: > On 15/06/2014 14:38, Chris Maness wrote: >> Thanks, guys. I like the new pkg (8) command. Will they be >> recompiling ports whenever they have been patched against >> vulnerabilities? > > The official pkg sets get updated on a weekly basis -- a snap shot of > the ports tree is taken on a Wednesday, and packages are built from > that, which generally takes a few days, so new packages are usually > available on Saturday. > > The worst case scenario is that a vulnerability is announced on a > Wednesday after the weekly build has begun, so the fixed package > wouldn't then appear in the repos until about 10 days later. > > For a really serious vulnerability with exploits in the wild, I'm sure > the usual package building schedule would be modified. It's also the > case that portmgr (who are in charge of building the packages) work > closely with secteam and ports-secteam so can get advanced warning > before vulnerabilities are published. Meaning they could have fixed > packages ready when the announcement is made. But that depends on many > outside factors, so cannot be relied upon. > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. > PGP: http://www.infracaninophile.co.uk/pgpkey > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANnsUMEZ8Lfrd%2BdV2kPVJ0T%2BL8vnE8buNmcujq1sFb5AUP=sGA>