Date: Tue, 26 Aug 2014 20:15:50 -0400 From: J David <j.david.lists@gmail.com> To: freebsd-ports@freebsd.org, freebsd-questions@freebsd.org Subject: Quarterly ports trees not getting security updates? Message-ID: <CABXB=RRuPqSoc6CBYLf3MBr68n-w9-0cUaOCrVvhrzvRpNnE3w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, When the quarterly ports trees were introduced, they were described as including security, build, and runtime fixes for 3 months. This is a great idea, and with 2014Q2 it seemed to work pretty well. However, it doesn't seem like 2014Q3 is getting security fixes. For example, the openssl port has never been updated since branch; it's still on 1.0.1_13, which has 9 open CVE's against it. Other ports have similar issues (e.g. serf and subversion). What could a non-expert such as myself do to help with this? Is it just a matter of trying to identify the relevant commits from the head of the ports tree, or is there more to it? Thanks!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABXB=RRuPqSoc6CBYLf3MBr68n-w9-0cUaOCrVvhrzvRpNnE3w>