cvs commit: ports/multimedia/xine Makefile
Oliver Eikemeier
eikemeier at fillmore-labs.com
Mon Mar 29 10:14:39 PST 2004
Jacques A. Vidrine wrote:
> On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote:
>
>>eik 2004/03/28 15:44:06 PST
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> multimedia/xine Makefile
>> Log:
>> Mark forbidden due to an entry in the VuXML database. Don't
>> forget to add the version which fixes the issues there.
>
> FWIW:
>
> I didn't mark this port FORBIDDEN when I added the issue to the
> database because some issues are not very severe. For example, this
> issue has practically no impact on single user systems, and quite
> possibly no impact on any FreeBSD user anywhere. Marking the port
> FORBIDDEN in this case seems extreme.
It's in the official FreeBSD vulnerability database.
> I'd prefer to reserve FORBIDDEN for those cases where the ports
> present some danger. Those who want a more strict policy can use
> portaudit or similar, right?
I guess we have to add a severity tag then, to enable `soft' vulnerabilities.
I have an automated script that barks on unmarked vulnerabilities, and it can't
decide which vulnerability is `important'.
>> http://people.freebsd.org/~eik/portaudit/fde53204-7ea6-11d8-9645-0020ed76ef5a.html
>
> By the way, I'd appreciate it if you'd point to the VuXML site instead
> (the URLs are `permanent').
>
> http://vuxml.freebsd.org/
> http://vuxml.freebsd.org/fde53204-7ea6-11d8-9645-0020ed76ef5a.html
These are generated by the same script that generates the portaudit database, so
they will never go out of sync.
Oliver
More information about the cvs-all
mailing list