On 2016-08-19, Thuban <thu...@yeuxdelibad.net> wrote: > I was wondering if packages for -release would be fixed if a security > issue is found in one of these third party programs, which could be > updated with pkg_add -u.
No, they're not, they're fixed for release and not further updated. It's the same for the base OS - releases are a fixed point, we don't rewrite history. > Or does someone has to stay up to date and usr ports to upgrade each > single package on his system to follow -stable? (with the risk to miss > the last new of a tiny library...). This is what the FAQ make me wonder, > but just to be sure. Options include: - use -current snapshots. this is likely to be the easiest way for most people. - build your own from -stable if the relevant commits have already been backported, dpb -R can help with this, but it's not really a beginner thing. - backport things yourself if the relevant commits have not already been backported. - use a third party service. - use a different OS, some of the Linux distributions are a lot better suited to people who don't want to update most of their software but still get some backported fixes ;)