ports security branch
Melvyn Sopacua
freebsd.stable at melvyn.homeunix.org
Tue Dec 20 03:15:32 PST 2005
On Tuesday 20 December 2005 12:03, Marwan Burelle wrote:
> Relying on the maintainer work is a good starting point, you may trust
> him for doing only the needed updates for those ports that requier
> security concerns. But even here, major updates of widely used libs
> imply rebuild of most of the ports, even when no security issue
> arises.
No it doesn't. Only with static linking or when interfaces changed, which is
not always the case. The fact that the gnome project is fond of changing
library versions with every release doesn't mean there aren't sane projects.
Typically security patches do not update library versions, allthough it is
possible if the interface is insecure by design.
Example: freetype was updated
wc -l /var/db/pkg/freetype2-2.1.10_2/+REQUIRED_BY
111 /var/db/pkg/freetype2-2.1.10_2/+REQUIRED_BY
Not a single port rebuilt, 111 packages re-packed, but that's it.
--
Melvyn Sopacua
freebsd.stable at melvyn.homeunix.org
FreeBSD 6.0-STABLE
Qt: 3.3.5
KDE: 3.4.3
More information about the freebsd-stable
mailing list