Subject: Re: PostgreSQL security update?
To: Malcolm Herbert <firstname.lastname@example.org>
From: Geert Hendrickx <email@example.com>
Date: 06/29/2005 14:38:35
On Wed, Jun 29, 2005 at 07:19:06PM +1000, Malcolm Herbert wrote:
> On Wed, Jun 29, 2005 at 11:12:59AM +0200, Geert Hendrickx wrote:
> |postgresql74-server (version 7.4.7) has been flagged as vulnerable for a
> |while now (also in pkgsrc-2005Q5), however an update (version 7.4.8) has
> |been released by PostgreSQL more than a month ago. Is anyone working on
> |updating the pkgsrc package? Are there problems with it, or is it just
> |that no one has looked at it yet? (volunteering, then)
> ... which raises a point I was wondering about after just starting to use
> pkgsrc-2005Q2 - how do security updates get managed with this static
> version of the pkgsrc tree? Should I still be able to use cvs update -dP
> to get updates as one would with a 'current' pkgsrc tree?
That's what the 2005Q2 branch is for. It's not static: security fixes get
pulled up to that branch (only tags are "static"). Use the -r flag to cvs
to track tags/branches other than HEAD.
Track a branch if you want a stable package with security updates only,
track HEAD if you want the latest and greatest version of everything, or if
you want to develop/test on pkgsrc.