pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Update or remove asterisk18?

Am 09.06.2011 um 14:08 schrieb Greg Troxel:

> Generally, my opinion is to assess whether having the package removed is
> in the best interest of pkgsrc users, keeping in mind finite effort on
> the part of pkgsrc maintainers.  Removing pacakges makes it harder to
> update them later, while leaving a package at a slightly old revision
> with known vulnerabilities causes almost no problems.  And, removal
> makes it harder for a user to choose to use the package anyway.

Well, the question is: Does it make sense to use a package that not only has 
security holes which are not being fixed, but even has a new security hole 
almost each week? The problem is that the number of unfixed security holes only 
gets bigger.

> You say that you're using it, but that it's "just not helping at all".
> That seems inconsistent.

Well, basically, I do make configure, patch it manually and then build it. 
However, with each update to a dependency of asterisk, I have to do that again, 
so it actually is more work than building asterisk without pkgsrc.

> In this case, it seems jnemeth@ has updated to a newer upstream release
> a few hours ago.

Ah, cool. That helps.


Attachment: PGP.sig
Description: Signierter Teil der Nachricht

Home | Main Index | Thread Index | Old Index