Subject: Re: pkgsrc branch vs. current?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-users
Date: 05/10/2005 10:43:00
> >I don't consider it a drawback. Security fixes are in the stable branch
> >and in many cases the security fix is done so the update is easy as
> >possible.
>
> But they aren't always there.  For example, for a while -- a few weeks, I
> think -- the head has had a fixed ImageMagick, 6.2.2.0.  But pkgsrc-2005Q1
> has 6.2.0.4, which has a heap overflow.  I've seen other examples in
> the past.

I don't know about that particular issue, but I have seen that the two (or
three) people who handle the pullups for pkgsrc stable are doing a good
job.

http://releng.netbsd.org/index-pkgsrc.html has details.

Also, there is an email report about once per week or every other week
that lists the security issues (listed pk pkg-vulnerabilities) not
resolved in current and stable pkgsrc.

If anything hasn't been pulled up yet and not in the queue to be done, it
needs to be requested.

 Jeremy C. Reed

 	  	 	 BSD News, BSD tutorials, BSD links
	  	 	 http://www.bsdnewsletter.com/