[csw-users] Release schedule for stable packages
James Lee
james at blastwave.org
Wed Nov 9 15:38:00 CET 2005
On 09/11/05, 14:00:25, Mark McCoy <Mark.McCoy at utsa.edu> wrote regarding Re:
[csw-users] Release schedule for stable packages:
> By "cherry picking", I was referring to having a current pkgsrc tree
> checked out alongside the 2005Q3 tree and building updated packages for
> security reasons out of that
And by "rotten apple" I was referring to spoiling the barrel.[1]
It's not as simple as pulling one package in isolation. You have
to at least consider pulling a connected group which may have other
security implications. If you are not prepared to consider the
related packages you will have failures. Do what you like but you
have been warned.
Note also the packages don't form a tree but networks[2], most are
in one large network and only a few are isolated.
James.
[1] http://www.google.com/search?q=apple+spoil+barrel
[2] http://pfelecan.free.fr/blastwave/dependencyGraph/
More information about the users
mailing list