Subject: Incorrect make update logic?
To: None <>
From: John Klos <>
List: tech-pkg
Date: 09/20/2004 09:38:42

I just experienced problems updating packages on several machines. When 
running a "make update" in textproc/expat, the systems tried to also 
update Apache 2. However, because there is a security vulnerability, that 
failed, but when the update continued, Apache 1.3.31 got installed to 
satisfy something else being updated (probably ap-php4 or something like 

Perhaps the logic of "make update" should present the security warning to 
the user and return an error BEFORE the package is deleted, not after?

Also, shouldn't the failure in apache2 cause the whole "make update" to 

John Klos

P.S. Apache is a pretty major package - any word on what's holding up the 
2.0.51 update?