Date: Fri, 12 Aug 2011 07:41:17 +0300 From: Volodymyr Kostyrko <c.kworr@gmail.com> To: Martin Simmons <martin@lispworks.com> Cc: emulation@freebsd.org Subject: Re: [ports-i386@freebsd.org: linux-f10-flashplugin-10.3r181.34 failed on i386 9] Message-ID: <4E44AEED.7070207@gmail.com> In-Reply-To: <201108111920.p7BJKGjc021859@higson.cam.lispworks.com> References: <20110810060822.GZ60956@droso.net> <4E42E7F4.5040502@gmail.com> <201108111920.p7BJKGjc021859@higson.cam.lispworks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
11.08.2011 22:20, Martin Simmons wrote: >>>>>> On Wed, 10 Aug 2011 23:20:04 +0300, Volodymyr Kostyrko said: >> >> PS: As far as I understand the main problem is about mirroring correct >> player versions. Anyone (even me) can apply for a redistribution rights >> and make those files available for download the way we want (the way >> each version will have unique url). > > Wouldn't that be dangerous, because it would allow easy use of old versions > that contain critical vulnerabilities? This applies to any vulnerable package like apache or png. We already have means of dealing with this like ports updating and vuxml. I'm talking about stability here. Adobe silently shipped another version and our port become unbuildable because distfile wasn't available anymore. Making up mirror with archive versions saves us the time when port wasn't updated yet but we have no directions of retrieving old verified distfile. -- Sphinx of black quartz judge my vow.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E44AEED.7070207>