Date: Sun, 15 Jun 2014 17:51:12 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Port Changes FAQ Message-ID: <539DCF00.2030601@FreeBSD.org> In-Reply-To: <CANnsUMFNoueDmhhCOi%2BMwj39-L5oLCgqfBdD=HEm05s2xE9yJQ@mail.gmail.com> References: <CANnsUMGxkDTxVnD_dq5L2SfXtppbYzJsB08kYm1h0zpFkkYMGQ@mail.gmail.com> <20140615022626.7111be2c.freebsd@edvax.de> <20140615100636.GB23568@slackbox.erewhon.home> <CANnsUMFNoueDmhhCOi%2BMwj39-L5oLCgqfBdD=HEm05s2xE9yJQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 15/06/2014 14:38, Chris Maness wrote: > Thanks, guys. I like the new pkg (8) command. Will they be > recompiling ports whenever they have been patched against > vulnerabilities? The official pkg sets get updated on a weekly basis -- a snap shot of the ports tree is taken on a Wednesday, and packages are built from that, which generally takes a few days, so new packages are usually available on Saturday. The worst case scenario is that a vulnerability is announced on a Wednesday after the weekly build has begun, so the fixed package wouldn't then appear in the repos until about 10 days later. For a really serious vulnerability with exploits in the wild, I'm sure the usual package building schedule would be modified. It's also the case that portmgr (who are in charge of building the packages) work closely with secteam and ports-secteam so can get advanced warning before vulnerabilities are published. Meaning they could have fixed packages ready when the announcement is made. But that depends on many outside factors, so cannot be relied upon. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTnc8AXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATjbIQAJRKJk10P/pJDrqZB7eqfyOs 9MZZ0XBB/kRCQlG+hz9krlfb9k97XdcpTFIpXXjE5kGWxi+zsgLJA0tHI6wGLTPF P+gkUgXiInCo0ax3hS+AxNLoQlNeF1AuNTi2OUCylZeoKxm5gu7zx0hNAGnaJ/Uy XMsRXuscbF8pi9VuiSiJ26jhkbxh3BLZJ8IT878gnEnx09YKz2jgD2LjeK5Q6wKV e1WDzVKNuUV0ocT/liZPVK1U34xFtwYUx9kiubjvJb7ELryhUR17lB7pImYHdUC1 VaWRJM2al466Sw9N+GN9/uMtE936K2Kfuau202Tl7lZEfU7SVufRYxAJNrxV2EHj UMqVsnwAr/DgyRv1Y7iVuLLxysz9SYqdi9ZAo/NKOahJXRJIWs349RN/AonAXrev 0BPyxdvka3gy9hp8ovvbtHYh4fz07VsNPo9Qi4q6j9AiONY2mseT6umzPOvbudsK 6xh0z6POb4SR8+dUqtRVP1s4O/iS24da5DimHDnF3OvhdbE/KG/tNT+ZL4WiCVtf UyWK58mmSmL12/gWzKYv0YZpATbHXEfSVKnVD5h7leifOljr7fP8hVsahE2PcBbK JF0eEspqW9yWNZfaYoVi8F3gqpZbD0MkbRijHSKOnwDyz91n2juAwyC/HnyqM5SK HfzaiTyMfAB+ISxHNDrW =wLG/ -----END PGP SIGNATURE----- --MoqocklVI2xOfgpeuLhu7KIbxf8sLqRjJ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?539DCF00.2030601>