On 12/12/2012 1:57 AM, Matthias Andree wrote:
> On 11.12.2012 20:34, Jeremy Messenger wrote:
>
>> If you can't update all ports then please wait until you can. I never
>> have any problem updating all ports at a time by running it overnight.
>> Or even better, use packages if you can't afford the ports
>> system.
>
> This is ridiculous. We know that there have been extended (months!)
> periods where we were stuck because all useful versions of some
> important library had security vulnerabilities. The last pain I
> recollect was libxul. Old version vulnerable, no new version, and then
> when the new version was around, some dependencies did not work with
> libxul-10*. This would in effect have meant "no update for months".
>
>
> Bryan, practically, I propose that portmaster should
>
> - list stored libraries on each and every run, and ask that the user
> updates those ports that use the old, saved, libraries, pointing to
> bsdadminutils and pkg_libchk.
>
> - we may need to save more than just the .so files, namely, the origin
> and portname of a saved library so that portmaster can run portaudit
> against those names to complain about security issues in saved libraries.
>

Good points and ideas. I will keep those in mind.

--
Regards,
Bryan Drewery
bdrewery@freenode/EFNet
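The second proposal in the quoted message (keep origin and package name next to each saved library so it can be audited) can be sketched as follows. This is an added example, not portmaster or portaudit code and not from anyone in the thread. The per-library record format, the sample entries and the URLs are constructed; the advisory lines are modelled on a "pattern|url|description" layout, and the version comparison is a simplification that looks only at dotted numeric components.

```python
import operator
import re

# Constructed sample: a hypothetical record kept beside each saved .so file.
SAVED_LIBS = [
    {"lib": "libxul.so.9", "origin": "www/libxul", "pkgname": "libxul-9.0.1"},
    {"lib": "libpng.so.6", "origin": "graphics/png", "pkgname": "png-1.5.13"},
]

# Constructed advisory entries: package pattern | reference URL | description.
AUDITFILE = """\
# constructed sample data
libxul<10.0.2|https://example.invalid/vuln-1.html|libxul -- constructed advisory
png>=1.5<1.5.10|https://example.invalid/vuln-2.html|png -- constructed advisory
"""

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq}

def vkey(version):
    # Assumption: numeric components only; port revision and epoch
    # suffixes are not handled the way the real tools handle them.
    return [int(p) for p in re.findall(r"\d+", version)]

def matches(pkgname, pattern):
    """True if pkgname (name-version) satisfies every constraint in pattern."""
    name, _, version = pkgname.rpartition("-")
    m = re.match(r"([^<>=]+)(.*)", pattern)
    if not m or m.group(1) != name:
        return False
    constraints = re.findall(r"(<=|>=|<|>|=)([^<>=]+)", m.group(2))
    return all(OPS[op](vkey(version), vkey(v)) for op, v in constraints)

def audit_saved_libs(saved, auditfile_text):
    """Return (lib, origin, pkgname, url) for each saved library that is hit."""
    findings = []
    for line in auditfile_text.splitlines():
        if not line or line.startswith("#"):
            continue
        pattern, url, _desc = line.split("|", 2)
        for rec in saved:
            if matches(rec["pkgname"], pattern):
                findings.append((rec["lib"], rec["origin"], rec["pkgname"], url))
    return findings

if __name__ == "__main__":
    for lib, origin, pkgname, url in audit_saved_libs(SAVED_LIBS, AUDITFILE):
        print(f"saved {lib} from {origin} ({pkgname}) is affected: {url}")
```

Without the stored package name, a saved libxul.so.9 is just a file on disk and cannot be matched against any advisory, which is the gap the proposal points at.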
