> Oops, sorry, my question was if I *needed* to update pkgsrc, or
whether
> source would build properly without doing so.  As an experiment, I
> built apache-2.0.44 without updating pkgsrc and it seems to run
fine.
>
> But that raised yet another question.  pkgsrc is convenient, but
many
> of the packages are outdated versions that have been replaced with
> security updates (e.g., apache-1.3.28 is what builds via pkgsrc,
but
> 1.3.29 is the current version due to security problems in 1.3.28;
for
> apache 2, the pkgsrc version is 2.0.44 but the current version
from
> apache.org is 2.0.48).  How does one build updated versions,
especially
> for critical apps like this where security is crucial?  Can one
just
> download the source tarballs and build them in the usual way
> (./configure, make, make install) or does one have to use pkgsrc
due to
> patching issues?

pkgsrc is usually pretty good about tracking changes like that.  I'd
suggest pulling down todays pkgsrc tarball, dumping it into a temp
directory, and looking at what versions it pulls down.  I usually
update my pkgsrc tree if it's older than a week before building
anything out of it for precisely the reasons you stated above.  Note
you can also build out of pkgsrc, upgrade pkgsrc, then use pkgtools
& pkgsrc to update the installed build to the current ver.

Joshua Coombs