Date:      Tue, 20 Dec 2005 12:15:30 +0100
From:      Melvyn Sopacua <freebsd.stable@melvyn.homeunix.org>
To:        freebsd-stable@freebsd.org
Subject:   Re: ports security branch
Message-ID:  <200512201215.30165.freebsd.stable@melvyn.homeunix.org>
In-Reply-To: <20051220110315.GA66112@melkor.kh405.net>
References:  <43A7A3F7.7060500@mail.ru> <43A7DA65.1020801@mail.ru> <20051220110315.GA66112@melkor.kh405.net>

On Tuesday 20 December 2005 12:03, Marwan Burelle wrote:

> Relying on the maintainer work is a good starting point, you may trust
> him for doing only the needed updates for those ports that require
> security concerns. But even here, major updates of widely used libs
> imply rebuild of most of the ports, even when no security issue
> arises.

No it doesn't. Only with static linking or when interfaces changed, which is 
not always the case. The fact that the gnome project is fond of changing 
library versions with every release doesn't mean there aren't sane projects.
Typically security patches do not update library versions, although it is 
possible if the interface is insecure by design.

Example: freetype was updated
wc -l /var/db/pkg/freetype2-2.1.10_2/+REQUIRED_BY
     111 /var/db/pkg/freetype2-2.1.10_2/+REQUIRED_BY

Not a single port rebuilt, 111 packages re-packed, but that's it.
-- 
Melvyn Sopacua
freebsd.stable@melvyn.homeunix.org

FreeBSD 6.0-STABLE
Qt: 3.3.5
KDE: 3.4.3


