Subject: Re: pkgsrc-2004Q3 maintained?
To: Roman Kennke <roman@cognition.uni-freiburg.de>
From: Alistair Crooks <agc@pkgsrc.org>
List: netbsd-users
Date: 10/18/2004 19:14:43
On Sun, Oct 17, 2004 at 06:20:19PM +0200, Roman Kennke wrote:
> It has been announced, that the 2004Q3 branch of the pkgsrc
> tree is the current stable tree and that all maintainance
> takes place there. Does this mean that I can expect
> security updates and corrections be submitted there? I am
> asking because I noticed that for instance Mozilla Firefox
> is still at 0.10 there (which has security flaws according
> to audit-packages), and 0.10.1 is in the latest CVS of
> pkgsrc. There are other examples, like tiff-3.6.1. Should I
> submit bugs regarding these issues, or do I understand
> something wrong here? I don't like the idea of always
> running the latest CVS pkgsrc tree very much.

There's been an administration bogon just recently, but I think it's
been fixed.  I've pulled up security fixes for sox and tiff already
today, and I will see if I can get to apache and bzip and freeradius
later on (although they're difficult for me right now).

I haven't seen a pullup request for firefox - if you find something
like this that you think should be pulled up to the pkgsrc branch,
please send a PR so that it doesn't fall through the cracks (and
likewise for anything that should be in pkg-vulneraibilities).
 
Regards,
Alistair