[csw-users] Release schedule for stable packages

James Lee james at blastwave.org
Wed Nov 9 15:38:00 CET 2005

On 09/11/05, 14:00:25, Mark McCoy <Mark.McCoy at utsa.edu> wrote regarding Re: 
[csw-users] Release schedule for stable packages:

> By "cherry picking", I was referring to having a current pkgsrc tree
> checked out alongside the 2005Q3 tree and building updated packages for
> security reasons out of that

And by "rotten apple" I was referring to spoiling the barrel.[1]
It's not as simple as pulling one package in isolation.  You have
to at least consider pulling a connected group which may have other
security implications.  If you are not prepared to consider the
related packages you will have failures.  Do what you like but you
have been warned.

Note also the packages don't form a tree but networks[2], most are
in one large network and only a few are isolated.


[1] http://www.google.com/search?q=apple+spoil+barrel
[2] http://pfelecan.free.fr/blastwave/dependencyGraph/

More information about the users mailing list