On Fri, Oct 22, 2004 at 06:50:13AM -0700, Randall Foster wrote: > I'm new to the bsd's, came from linux and i'm having a bit of difficulty > figuring out the general philosophy. > > One of the major reasons that i decided to try out the 'bsds' is > because of the security. I'm having a hard time however figuring out > how security issues in the ports get dealt with when there is a port > freeze, like now. The best example i can think of is gaim...(i almost > didn't recheck the port on the 4.10 tree, it's now mysteriously up to > date, phew.) > > ......slightly altered next paragraph.... > lets say i found out there is a msn slp buffer overflow (like currently) > and i wanted to protect myself....so i cvsuped my ports tree and then > wanted to portupgrade....... problem is...since it's a port freeze...up > until a few days ago it's still at 0.82 not the 1.02 that is out now, I > watched it and never saw version 1.00 or 1.01. Are the ports frozen > _except_for_security_fixes or am i missing something. > > > I looked around on the lists for this but didn't see it and it seems > like a fairly big deal if security issues arise during a freeze.
Easy..if a security fix is submitted to portmgr during a freeze, it's almost always going to be approved. Kris
pgpknLrKiX7xC.pgp
Description: PGP signature