Subject: Re: PostgreSQL security update?
To: Malcolm Herbert <>
From: Geert Hendrickx <>
List: tech-pkg
Date: 06/29/2005 14:38:35
On Wed, Jun 29, 2005 at 07:19:06PM +1000, Malcolm Herbert wrote:
> On Wed, Jun 29, 2005 at 11:12:59AM +0200, Geert Hendrickx wrote:
> |postgresql74-server (version 7.4.7) has been flagged as vulnerable for a
> |while now (also in pkgsrc-2005Q5), however an update (version 7.4.8) has
> |been released by PostgreSQL more than a month ago.  Is anyone working on
> |updating the pkgsrc package?  Are there problems with it, or is it just
> |that no one has looked at it yet?  (volunteering, then)
> ... which raises a point I was wondering about after just starting to use
> pkgsrc-2005Q2 - how do security updates get managed with this static
> version of the pkgsrc tree?  Should I still be able to use cvs update -dP
> to get updates as one would with a 'current' pkgsrc tree?

That's what the 2005Q2 branch is for.  It's not static: security fixes get
pulled up to that branch (only tags are "static").  Use the -r flag to cvs
to track tags/branches other than HEAD.

Track a branch if you want a stable package with security updates only,
track HEAD if you want the latest and greatest version of everything, or if
you want to develop/test on pkgsrc.