cvs commit: ports/security/vuxml vuln.xml
nectar at FreeBSD.org
Fri Aug 13 15:10:37 PDT 2004
On Aug 13, 2004, at 12:00 PM, Oliver Eikemeier wrote:
> Jacques Vidrine wrote:
>> On Aug 12, 2004, at 7:26 PM, Oliver Eikemeier wrote:
>>> portaudit understands these just fine, and I guess it is the main
>>> client right now.
>> I think VuXML.org is the main client :-) but of course that's not the
> Ah, but it is an important point to me. My main concern is the FreeBSD
> ports collection, I don't care much about OpenBSD compatibility.
My main concern is FreeBSD users, also. Sharing infrastructure with
other projects is desirable, and need not compromise FreeBSD's goals.
This ought to be obvious: it can be seen in a huge percentage of the
>> As previously discussed, the semantics of VuXML <name> and <range>
>> elements are package names and version numbers respectively, not
>> globs or glob-like patterns. In particular, the semantics are not
>> FreeBSD or FreeBSD Ports Collection specific.
> That's unfortunate. I would prefer when you would care more about
> portaudit, especially the <range> elements have to adhere to FreeBSD
Um, the <range> elements *do* adhere to FreeBSD semantics. They adhere
to practically any system's semantics--- that's the point of keeping
them simple version numbers rather than system-specific patterns.
Every package collection has the concept of version numbers (even
though the ordering might be different).
> Since you seem not to check your entries with portaudit, I have a lot
> of work dealing with vuxml quirks.
No, I don't use portaudit. How would I go about `checking entries'
with it? Does it not understand some VuXML entries for some reason?
If there is a simple check, I would be happy to do it. I didn't
realize there was a problem.
Could you elaborate about the quirks, and what kind of work it is
producing for you? Maybe we can ``fix'' them. Certainly I'm willing
to make reasonable changes, and now is perhaps a good time as I'm
working on a minor update to VuXML 1.2 in order to accommodate the
needs of another large package collection.
> OTOH when you think we have different design goals, it should be no
> problem for me to change the database, since portaudit is database
> format agnostic.
This (``format agnostic'') seems to contradict what you stated above,
so I think I must not quite understand.
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
P.S. Did you miss this part? I would be much obliged if you would
point out the problems so we can correct them, and so I don't goof it
again in the future.
Jacques Vidrine wrote:
> On Aug 12, 2004, at 7:26 PM, Oliver Eikemeier wrote:
>> Besides, it seems like this commit introduced some errors. How
>> should we handle this?
> Hit me over the head with the specific errors, please :-) Let's
> resolve them.
More information about the cvs-all