Mel Flynn wrote:
> On Monday 15 June 2009 02:55:09 Dominic Fandrey wrote:
>> Sorry for the late reply, this was auto-sorted into the ports@ mails
>> and drowned there.
>>
>> Boris Samorodov wrote:
>
>>> As I understand pkg_upgrade does not preserve old libraries at
>>> /usr/local/lib/compat?
>> That's true. I consider this common approach a security risk.
>
> It is a service interruption to delete libraries that are still used and this
> can also lead to security problems.
> However, pkg_upgrade cannot ever hope to fix this problem, because the
> buildservers do not unconditionally rebuild packages that mention the
> upgraded port in LIB_DEPENDS, therefore it is better to leave these shared
> libraries around.

To me something not working seems to be less of a security problem than
linking to a vulnerable library.

>> To ensure that you get the newest packages wipe
>> /usr/ports/packages/All.
>
> Erm, the download time associated with that approach doesn't really speed up
> things, nor does it guarantee that you will have working binaries if the port
> maintainer forgot to version bump a port.

Well, you don't ever need them again after having them installed once, so
I don't see the problem. And at least from pointyhead I've never had broken
linking, even when the package was not version bumped, so I think there's
some kind of human intervention, or I was lucky.

Proper version bumping solves both problems, though, and it is rarely
forgotten lately. So the issue is much smaller now than it would have been
a couple of years ago.

Also I do not see a way for my tool to handle this in any acceptable way.
If you've got an idea, go ahead and tell me. I actually want to deal with
as many problems as possible without user intervention. It's about making
life easier, after all.
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"