Re: pkg falls behind port version - how do ports become pkg's?

2018-11-15 Thread Dave Cottlehuber
On Mon, 12 Nov 2018, at 23:06, Karl Pielorz wrote:
> From what I can see mysql56-server in quarterly really does need updating
> to fix the CVE's - so who am I best emailing to ask if
> mysql56-server/client could be updated on security grounds?
> 
> Thanks again,

Hi Karl

the best person is the maintainer of that port (now in CC) and request a "MFH"
or "Move From Head". You can see who this is in the Makefile or via
https://www.freshports.org/databases/mysql56-server for example.

A+
Dave
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


Re: pkg falls behind port version - how do ports become pkg's?

2018-11-12 Thread Karl Pielorz




--On 12 November 2018 at 16:20:52 + Matthew Seaman wrote:


Hi - thanks for your reply, and detailed info on ports / pkg behind the 
scenes!



> If it's 'quarterly' (which is the default) then you'll not get an update
> until the beginning of the next quarter -- which would be the start of
> January 2019.  The exception to this is when there's a security fix for
> the package in question, which should appear within a day or so.


Ok - all the systems here are on quarterly. I've just switched one to 
'latest' - and, indeed - mysql56-server pkg installed is 5.6.42 - which 
appears to address the 30+ CVE's that 5.6.41 has tagged against it.



> Nope.  Official packages are built on the official package building
> cluster.


I'd guess that's the mythical Poudriere? ;)


> They certainly aren't built by random port maintainers who may
> be of particularly uncertain provenance and are not absolutely guaranteed
> to have your best interests at heart.[*]


From what I can see mysql56-server in quarterly really does need updating 
to fix the CVE's - so who am I best emailing to ask if 
mysql56-server/client could be updated on security grounds?


Thanks again,

-Karl


Re: pkg falls behind port version - how do ports become pkg's?

2018-11-12 Thread Matthew Seaman

On 12/11/2018 14:58, Karl Pielorz wrote:
> How long does it usually take for an updated port (e.g. mysql56-server
> which in ports is at 5.6.42) to be available as a pkg? (pkg under FBSD
> 11.2 is currently 5.6.41).


Which branch are you tracking in your pkg(8) config?  If it's 'latest',
then you'll get the updated mysql after about 1-3 days assuming there
aren't any problems with that port or any of its dependencies.


If it's 'quarterly' (which is the default) then you'll not get an update 
until the beginning of the next quarter -- which would be the start of 
January 2019.  The exception to this is when there's a security fix for 
the package in question, which should appear within a day or so.


Use 'pkg -vv' to examine your config settings, particularly the 'url' 
field under 'Repositories' towards the end of that output.


> I had previously thought all of this was mostly automated
> behind-the-scenes "magic" kind of stuff - but four weeks after the MySQL
> port was updated the pkg isn't yet :( - so I'm guessing it's not really
> that magic, and does involve human time & effort? :)


No, packages are automatically built, and usually show up within a few 
days.  It involves human time and effort when things go wrong, but 
that's primarily from the maintainers of the ports in question, and not 
usually the pkg-builder admins.


> Are ports turned into pkg's by the maintainers? - Is it done as-and-when
> - or is there some kind of 'every x days / once per quarter' kind of thing?


Nope.  Official packages are built on the official package building
cluster.  They certainly aren't built by random port maintainers who may
be of particularly uncertain provenance and are not absolutely
guaranteed to have your best interests at heart.[*]


Cheers,

Matthew

[*] The requirements for becoming a port maintainer are no more 
stringent than:


  * Having a working e-mail address
  * Expressing a willingness to maintain a port
  * Being able to generate a diff and attach it to a Bugzilla ticket.

It's down to ports committers to verify that there's nothing untoward 
about what they commit to the ports.  The requirements on 
authenticating/identifying yourself when becoming a ports committer are 
rather stricter than for a port maintainer.
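
Added example, not part of the original thread: a small shell function that reads `pkg -vv` output and reports which branch each repository's 'url' field points at, which is the check the message above describes. The sample input is constructed, and the "internal" repository and its path are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report which package branch each
# configured repository tracks, from `pkg -vv` output on stdin.

# Constructed sample of the tail of `pkg -vv` output; the "internal"
# repository and its path are made up for illustration.
sample_pkg_vv() {
    cat <<'EOF'
PKG_DBDIR = "/var/db/pkg";

Repositories:
  FreeBSD: {
    url             : "pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly",
    enabled         : yes,
    priority        : 0
  }
  internal: {
    url             : "file:///usr/local/repo/packages",
    enabled         : yes,
    priority        : 10
  }
EOF
}

# Prints one line per repository: <name> <quarterly|latest|other> <url>
repo_branches() {
    awk '
        /^Repositories:/ { in_repos = 1; next }
        # A line such as "  FreeBSD: {" opens a repository block.
        in_repos && /^[ \t]*[A-Za-z0-9_.-]+:[ \t]*[{]/ {
            name = $1; sub(/:$/, "", name); next
        }
        in_repos && /^[ \t]*url[ \t]*:/ {
            url = $0
            sub(/^[^"]*"/, "", url)   # strip up to the opening quote
            sub(/".*$/, "", url)      # strip closing quote and comma
            branch = url
            sub(/\/+$/, "", branch)   # ignore a trailing slash
            sub(/^.*\//, "", branch)  # keep the last path component
            if (branch != "quarterly" && branch != "latest") branch = "other"
            print name, branch, url
        }
    '
}

sample_pkg_vv | repo_branches
```

On a FreeBSD host the same function can be fed real data with `pkg -vv | repo_branches`.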




pkg falls behind port version - how do ports become pkg's?

2018-11-12 Thread Karl Pielorz



Hi All,

How long does it usually take for an updated port (e.g. mysql56-server 
which in ports is at 5.6.42) to be available as a pkg? (pkg under FBSD 11.2 
is currently 5.6.41).


I had previously thought all of this was mostly automated behind-the-scenes 
"magic" kind of stuff - but four weeks after the MySQL port was updated the 
pkg isn't yet :( - so I'm guessing it's not really that magic, and does 
involve human time & effort? :)


Are ports turned into pkg's by the maintainers? - Is it done as-and-when - 
or is there some kind of 'every x days / once per quarter' kind of thing?


Thanks,

-Karl

