Binary packages track stable branch?

["J. Lewis Muir" <jlmuir%imca-cat.org@localhost>]

On 3/19/14, 4:42 AM, Jonathan Perkin wrote:
> * On 2014-03-19 at 04:17 GMT, Matthew Raspberry wrote:
>
>> Forgive me if I'm asking a dumb question but I want
>> to confirm this before going any further. Why are the
>> checksums for pub/pkgsrc/pkgsrc-2013Q4/pkgsrc.tar.xz and
>> pub/pkgsrc/pkgsrc-2013Q4/pkgsrc-2013Q4.tar.xz different? I've done
>> some comparisons of the files in each archive and I'm guessing the
>> reason is that the pkgsrc-2013Q4.tar.xz contains the snapshot as
>> it was at the time of release and pkgsrc.tar.xz is the snapshot at
>> the time of release with security and/or stability patches. Is that
>> correct?
>
> Yes.

On a related note, do the binary packages track the stable branch?

In other words, are the binary packages updated to track the stable
branch corresponding to the above pkgsrc.tar.xz, or are they left alone
corresponding to the above pkgsrc-2013Q4.tar.xz?

Is this the case for all platforms, or does it vary?  For example, what
about the Mac OS X binary packages provided by Joyent?  Are those built
for the quarterly release and then left alone, or are they updated
to address security or stability fixes so that they actually track
the stable branch?  As a specific example, say a remotely exploitable
vulnerability was discovered in security/openssh; would its binary
package get updated?

Thanks,

Lewis