On 19 Aug 2016, thu...@yeuxdelibad.net wrote: > I was wondering if packages for -release would be fixed if a security > issue is found in one of these third party programs, which could be > updated with pkg_add -u.
It's a good question. I was quite amused to notice the juxtaposition of: ] Our aspiration is to be NUMBER ONE in the industry for security (if we ] are not already there). ] The ports tree is meant for advanced users. Everyone is encouraged to ] use the pre-compiled binary packages. ] When serious bugs or security flaws are discovered in third party ] software, they are fixed in the -stable branch of the ports tree. Note ] that binary packages for -release and -stable are not updated. I am guessing that your fear is correct but it's a matter of resource availability given the effort it takes to keep the core system great. If we want security updates for binary packages then I'd hope that people agree it to be a good idea in the abstract but we probably need to volunteer actual work (or donate more!) if it is to actually happen. -- Mark
