What's the way you use to check the ports you maintains ?

RadicalEdhard · Monday at 8:57 AM

Hi everyone, i'm beginner at port maintaining and i'd like to know what's your favorite way to check the ports you maintain ,especially about CVE in dependencies and these kind of thins ... i've read about using specialized website like: repology, portscout and the pkg audit command for sure ... But i have intuition experienced mainteners have their own tips and way to do that. Thank you for your clarifications.

nxjoseph · Monday at 9:45 AM

I use both repology and portscout. Repology is a good UI, but sometimes i notice it lags behind updates cuz portscout reminds me them first, also has the ability to mail you. I am using both their rss feeds to quickly check any updates from a rss client using terminal.

T-Aoki · Monday at 10:26 AM

Checking nvidia Unix driver site basically daily.
And also check tags in their github repo below providing external components when I find any upgrades on Unix driver site to sync with.

And egl-wayland2 is planned to be introduced once tagged as release (currently RC).
I've dropped it on most recent upgrades to make possible things in-tree before 2026Q1 branches. (Was waiting until approaching to the end of 2025.)

SirDice · Monday at 2:22 PM

RadicalEdhard said:
especially about CVE in dependencies

You're not responsible for those dependencies.

RadicalEdhard · Monday at 7:11 PM

SirDice said:
You're not responsible for those dependencies.

Glad to hear it

T-Aoki · Tuesday at 12:07 AM

RadicalEdhard said:
Glad to hear it

What you need to be aware of would NOT be the dependencies (what your ports depends upon), but users and any ports depending upon your ports.

If any breaking (backward incompatible) changes are made in resulting pkg,

you need to notify maintainers of ports that depends upon yours via summaries of PR and/or review if anything needed to be done on their side,
if your ports are somehow "fundamental" thing like devel/glib20 and lang/python* and having backward incompatible changes, you need to request exp-run (full test rebuilds of the whole bunch of ports tree with your patch) via PR (bugzilla),
you need to write UPDATING entry if usual upgrading procedure (via pkg, portupgrade, portmaster, ... or historical make && make deinstall reinstall) alone is insufficient.

In the first case, HEADSUP mail to freebsd-ports ML would be worth posting. It could lower risks to be overlooked for PRs/reviews.

Putting good or not aside, my examples of HEADSUP, UPDATING and the whole commit.

RadicalEdhard · Tuesday at 10:10 AM

T-Aoki said:
What you need to be aware of would NOT be the dependencies (what your ports depends upon), but users and any ports depending upon your ports.

If any breaking (backward incompatible) changes are made in resulting pkg,

you need to notify maintainers of ports that depends upon yours via summaries of PR and/or review if anything needed to be done on their side,

if your ports are somehow "fundamental" thing like devel/glib20 and lang/python* and having backward incompatible changes, you need to request exp-run (full test rebuilds of the whole bunch of ports tree with your patch) via PR (bugzilla),

you need to write UPDATING entry if usual upgrading procedure (via pkg, portupgrade, portmaster, ... or historical make && make deinstall reinstall) alone is insufficient.

In the first case, HEADSUP mail to freebsd-ports ML would be worth posting. It could lower risks to be overlooked for PRs/reviews.

Putting good or not aside, my examples of HEADSUP, UPDATING and the whole commit.

Okay, I understand the responsibilities of a maintainer better now. I took the advice and carried out the appropriate checks.

What's the way you use to check the ports you maintains ?

RadicalEdhard

nxjoseph

T-Aoki

SirDice

Administrator

RadicalEdhard

T-Aoki

RadicalEdhard