--On 12 November 2018 at 16:20:52 +0000 Matthew Seaman
<matt...@freebsd.org> wrote:
Hi - thanks for your reply, and detailed info on ports / pkg behind the
scenes!
If it's 'quarterly' (which is the default) then you'll not get an update
until the beginning of the next quarter -- which would be the start of
January 2019. The exception to this is when there's a security fix for
the package in question, which should appear within a day or so.
Ok - all the systems here are on quarterly. I've just switched one to
'latest' - and, indeed - mysql56-server pkg installed is 5.6.42 - which
appears to address the 30+ CVE's that 5.6.41 has tagged against it.
Nope. Official packages are built on the official package building
cluster.
I'd guess that's the mythical Poudriere? ;)
The certainly aren't built by random port maintainers who may
be of particularly uncertain provenance and are not absolutely guaranteed
to have your best interests at heart.[*]
From what I can see mysql56-server in quarterly really does need updating
to fix the CVE's - so who am I best emailing to ask if
mysql56-server/client could be updated on security grounds?
Thanks again,
-Karl
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"