Siju George wrote:
there is a software called foo

suppose 3.9 installs foo.1.1.1 if you use ports.

now a few security holes are found in foo.1.1.1

So the foo developers release foo.1.1.2

And the foo developers *strongly encourage* everybody running
foo.1.1.1 to upgrade to foo.1.1.2 as soon as possible.

So what is the best way to do it in the present ports system?

Update your ports tree to its respective -stable version and install foo-1.1.2 (or foo-1.1.1 + patch ~= foo-1.1.1p0) from there. If it's among the official packages collection, get foo-1.1.2.tgz/foo-1.1.1p0.tgz from your favorite FTP mirror's .../OpenBSD/`uname -r`/packages/`arch`/ directory, since updated packages are made available there as well. (Just set PKG_PATH and pkg_add -u.) Though I haven't read it in a while, I am sure the FAQ has tons of useful things to say about all this.

If, for some reason, there is no security update for foo available, yet, letting foo's MAINTAINER (or ports@, if necessary) know that you're actually a concerned foo-user will speed - or at least clear - things up (all the work is done by regular humans, not robots ;P).

Security updates and fixes make it into -stable, regular updates do not. Using -stable packages/ports instead of manual or alien updates has the advantage that these updates are also tested with their respective OpenBSD release, work with pkg_add -u, have their dependencies properly registered, can be un-/re-installed, don't conflict, i.e. come with the whole shebang.


Moritz
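The package route from the reply above, written out as a small script (an added example, not code from the original thread or from OpenBSD itself). It assumes the updated package is already in the mirror's .../OpenBSD/`uname -r`/packages/`arch`/ directory; the mirror base URL and the package name "foo" are placeholders you supply on the command line.

```shell
#!/bin/sh
# Added example (not from the original post): set PKG_PATH for the running
# release and architecture, then pull the updated package with pkg_add -u.
# Assumptions: mirror base URL and package name are supplied by the caller.

# Build the package directory URL for a release and architecture.
# A pure function of its arguments so it can be checked without running
# uname/arch on the target host.
pkg_path_for() {
    # $1 = mirror base URL, $2 = release (uname -r), $3 = architecture (arch -s)
    printf '%s/OpenBSD/%s/packages/%s/\n' "$1" "$2" "$3"
}

# Update one installed package from the release's package directory.
# $1 = mirror base URL, $2 = package stem (e.g. "foo").
# Set DRY=1 to make pkg_add report what it would do without doing it (-n).
update_pkg() {
    rel=$(uname -r)
    mach=$(arch -s 2>/dev/null || uname -m)
    PKG_PATH=$(pkg_path_for "$1" "$rel" "$mach")
    export PKG_PATH
    echo "PKG_PATH=$PKG_PATH"
    echo "installed before:"
    pkg_info | grep "^$2-" || { echo "$2 is not installed" >&2; return 1; }
    if [ "${DRY:-0}" = 1 ]; then
        pkg_add -n -u "$2"
    else
        pkg_add -u "$2"
    fi
    echo "installed after:"
    pkg_info | grep "^$2-"
}

# Only act when explicitly asked, e.g.:  sh update.sh --run ftp://mirror.example.org/pub foo
if [ "${1:-}" = "--run" ]; then
    update_pkg "${2:?mirror base URL}" "${3:?package name}"
fi
```

Because pkg_add -u works from the registered dependency information, the same command also picks up any dependencies that were rebuilt alongside foo, which is the "whole shebang" the reply refers to.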
