On Fri, Feb 03, 2006 at 09:01:57PM -0500, Nick Guenther wrote:
> > I saw on Secunia Advisories that very heavy security problems have
> > occured in Mozilla Firefox and Thunderbird.
> > Usually WHO is patching these programs (the porters?)? Should I wait for
> > a new binary port? Should I patch myself
> > Thunderbird and Firefox? Patches come from porters or from Mozilla
> > Foundation?
>
> The +DESC file says just 'Maintainer: The OpenBSD ports mailing-list
> <[email protected]>' so I'm guessing that means no one in particular.
> it seems like your only option is to use ports to get the source (I
> assume) and then patch by hand.
Nah, keep up with -stable and you'll get the important fixes. Keep up
with -current, and you get both all the newest fixes and the newest
bugs.
However, unless you decide to keep at -release, there's no reason to
patch by hand. And even if you do, just import the patches from -stable.
The ports system usually incorporates the official patches. Only when
there is a very good reason to patch something quickly, and the official
patch isn't fast enough, a known issue is patched only by OpenBSD.
Of course, this is different from the patches used to make something
build at all and fix into the ports system - those typically are
OpenBSD-specific.
Joachim
