Date: Tue, 4 Oct 2005 23:04:27 +0200 From: Simon Barner <barner@FreeBSD.org> To: Dirk Meyer <dirk.meyer@dinoex.sub.org> Cc: cvs-ports@FreeBSD.org, Kris Kennaway <kris@obsecurity.org>, ports-committers@FreeBSD.org Subject: Re: Valid Sender ? - Re: cvs commit: ports/security/openssl Makefile Message-ID: <20051004210427.GA55575@zi025.glhnet.mhn.de> In-Reply-To: <1V%2BRzjn/WV@dmeyer.dinoex.sub.org> References: <8AYfVTn/WV@dmeyer.dinoex.sub.org> <200510040735.j947Z8rb069549@repoman.freebsd.org> <200510040735.j947Z8rb069549@repoman.freebsd.org> <20051004144319.GA71102@xor.obsecurity.org> <8AYfVTn/WV@dmeyer.dinoex.sub.org> <20051004174511.GA22748@xor.obsecurity.org> <1V%2BRzjn/WV@dmeyer.dinoex.sub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--C7zPtVaVf+AK4Oqc Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [removed cvs-all from Cc:] Dirk Meyer wrote: > Kris Kennaway schrieb:, >=20 > > > As you might see in the cvs Revision 1.100 is tagged with RELEASE_6_0= _0 > > > The update of openssl 0.9.8 was commited after this. > >=20 > > And when you commit a fix to some other port and then it has a > > security vulnerability, I can't slip the tag without worrying whether > > you've broken the package on 6.0 with the previous version of openssl. >=20 > Yes you can slip the tag on any port that depends on openssl. >=20 > Thats why we have bsd.openssl.mk. >=20 > Unless you move the tag there and in openssl itself, > all ports will still build with the old openssl 0.9.7g Hmm, I think Kris meant it like this: When one upgrades a port P (e.g. openssl) that requires a lot of compatibil= ity patches in other ports (API or ABI changes, ...), and _then_ one of the other ports (lets call it S) gets a security fix, then you cannot simply slip the tag on that port. This is because S contained also the compatibility patches, but the tag of port P still points at the old versio= n. Now, one needs to slip the tag of port P (and also of ports that depend on it, and maybe that of ports that depend on ports that depend ... you get the idea). AFAICS there's no way to merge back the security patch only because our ports tree is not branched, and it's commonly agreed upon that it will never be due to lack of resources. --=20 Best regards / Viele Gr=FC=DFe, barner@FreeBSD.= org Simon Barner barner@gmx.de --C7zPtVaVf+AK4Oqc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDQu5bCkn+/eutqCoRAtgBAJ9J4OSpTDmEh1nJBC1U95KV9C7YMACgtdUY Aw2MuwP11S8PFBt5IarNTNo= =GP1B -----END PGP SIGNATURE----- --C7zPtVaVf+AK4Oqc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051004210427.GA55575>