Date: Fri, 22 Oct 2004 09:57:08 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Randall Foster <threeknucklesdeep@hotmail.com> Cc: freebsd-questions@FreeBSD.org Subject: Re: interim port versions Message-ID: <20041022165708.GC82397@xor.obsecurity.org> In-Reply-To: <BAY8-F48B1ndcx3Vp2000005757@hotmail.com> References: <BAY8-F48B1ndcx3Vp2000005757@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--JWEK1jqKZ6MHAcjA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 22, 2004 at 06:50:13AM -0700, Randall Foster wrote: > I'm new to the bsd's, came from linux and i'm having a bit of difficulty > figuring out the general philosophy. >=20 > One of the major reasons that i decided to try out the 'bsds' is > because of the security. I'm having a hard time however figuring out > how security issues in the ports get dealt with when there is a port > freeze, like now. The best example i can think of is gaim...(i almost > didn't recheck the port on the 4.10 tree, it's now mysteriously up to > date, phew.) >=20 > ......slightly altered next paragraph.... > lets say i found out there is a msn slp buffer overflow (like currently) > and i wanted to protect myself....so i cvsuped my ports tree and then > wanted to portupgrade....... problem is...since it's a port freeze...up > until a few days ago it's still at 0.82 not the 1.02 that is out now, I > watched it and never saw version 1.00 or 1.01. Are the ports frozen > _except_for_security_fixes or am i missing something. >=20 >=20 > I looked around on the lists for this but didn't see it and it seems > like a fairly big deal if security issues arise during a freeze. Easy..if a security fix is submitted to portmgr during a freeze, it's almost always going to be approved. Kris --JWEK1jqKZ6MHAcjA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBeTvkWry0BWjoQKURAkDCAKDGyIfQiGo1r+EzYBFSxdOHN4A3AACdF16R a4DTwJRyqc7jCldnu1uZlpE= =8xUP -----END PGP SIGNATURE----- --JWEK1jqKZ6MHAcjA--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041022165708.GC82397>