Date:      Fri, 26 Sep 2014 14:55:03 -0500
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-security@freebsd.org
Subject:   Re: pkg repositories out of alignment (was: Re: bash velnerability)
Message-ID:  <1411761303.37126.172207289.07A402AF@webmail.messagingengine.com>
In-Reply-To: <F0417142-C09B-4D05-9DFC-81D58C1F4AAB@vpnc.org>
References:  <CAHFU5H5WOnAXuFmfQEGkTvwoECATTCC3eKYE3yts%2BBqh1M_8ww@mail.gmail.com> <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <20140925193555.GB28430@satori.lan> <20140926123803.GA30925@zxy.spb.ru> <F0417142-C09B-4D05-9DFC-81D58C1F4AAB@vpnc.org>

On Fri, Sep 26, 2014, at 10:25, Paul Hoffman wrote:
> 
> I appreciate the speed that folks update the packages; I'm a bit
> distressed that 9.3 seems to be a second-class citizen for security
> fixes. (And I totally admit that I could be misreading the situation.)
> 

(speaking strictly as a consumer of the pkg repository)

I am not aware of any other packages with security vulnerabilities that
have been updated on the repository outside of the planned once-a-week
schedule. This means if the package set is built and published and
immediately thereafter a vulnerability comes out for www/chromium, don't
expect to see the update until next week.

There is a desire to solve this problem and it is not a simple solution.
Keep in mind that the ports tree has existed for 20 years now expecting
people to consume it from source, not from packages. I've witnessed the
ports team and ports-mgmt/pkg authors perform miracles over the last 2
years and they have further plans to modernize the architecture.

FYI, the repositories are built sequentially and I don't think there's a
preference of a certain release over another. They're working hard to
get these updated packages out the door as fast as possible.


