Date: Wed, 23 Oct 2002 06:23:58 -0700 From: Kent Stewart <kstewart@owt.com> To: Toomas Aas <toomas.aas@raad.tartu.ee> Cc: questions@freebsd.org Subject: Re: mergemaster problem Message-ID: <3DB6A2EE.7060903@owt.com> References: <200210231044.g9NAi1u20546@lv.raad.tartu.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
Toomas Aas wrote: > Hi! > > >>Date: Tue, 22 Oct 2002 11:57:44 -0700 >>From: Kent Stewart <kstewart@owt.com> >>Subject: Re: mergemaster problem > > > [... about upgrading the world ...] > >>If they fix a security related buffer overflow problem in one of the >>system libraries, you need to update all ports that use that library. > > > Isn't that the case only with statically linked binaries? > Yes! The problem is knowing which method they use. The normal assumption would be dynamic because it is less trouble and can be more efficient with respect to memory usage. The paranoid side of me, which worrys about security, would assume static unless told otherwise. Since I haven't rebuilt all of my old ports, I haven't worried about it too much :). I have never got that involved with a port make file with the exception of Code Crusader and I didn't pay attention to it. The port make files are so much more involved than anything I used on a vendor maintained OS. There was always a generator that you passed a directory and it created the basic make files for me. The first one I created on FreeBSD had 277 modules and was really painful to create. I think I did everything that I could do wrong first. Kent -- Kent Stewart Richland, WA http://users.owt.com/kstewart/index.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DB6A2EE.7060903>