On Fri, 8 Sep 2023 16:04:19 +0200, Bjorn Ketelaars <b...@openbsd.org>
wrote:

> It probably makes sense to remove the 1.1 branch of borgbackup as
> upstream considers it EOL [0]. As a result, a recent security fix
> (CVE-2023-36811) has not been made available for 1.1.x.
> The 1.2 branch, which we have in ports, is actively maintained, and
> upgrading from 1.1.x to 1.2.x is possible [1].

Thanks for raising this issue!

> Diff below removes the 1.1 branch and adds @pkgpath markers to the
> PLIST of 1.2. With this I'm able to 'pkg_add -u' cleanly from
> borgbackup-1.1.18 to borgbackup-1.2.6.

Is that the right thing to do though? Checking the upgrade notes,
there are a couple of commands to run, and things to check.

I'm afraid if we provide an update path to borgbackup-1.2, people will
not notice the silent upgrade, and their backups may consequently be
broken.
Not a big issue since I'm sure everyone does a monthly 'restore attempt'
to ensure the backup validity, right (:

Either way, adding a current.html entry with the upgrade notes would be
quite useful I think. (At least, I appreciated having them in your
email!)

> [0] https://mail.python.org/pipermail/borgbackup/2023q3/002292.html
> [1] https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#borg-11x-to-12x

Cheers,
Daniel
