Hello, When the quarterly ports trees were introduced, they were described as including security, build, and runtime fixes for 3 months.
This is a great idea, and with 2014Q2 it seemed to work pretty well. However, it doesn't seem like 2014Q3 is getting security fixes. For example, the openssl port has never been updated since branch; it's still on 1.0.1_13, which has 9 open CVE's against it. Other ports have similar issues (e.g. serf and subversion). What could a non-expert such as myself do to help with this? Is it just a matter of trying to identify the relevant commits from the head of the ports tree, or is there more to it? Thanks! _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
