cvs commit: ports/security/portaudit-db/database portaudit.txt

Oliver Eikemeier eikemeier at
Thu Aug 5 07:57:46 PDT 2004

Dirk Meyer wrote:

> Oliver Eikemeier schrieb:,
>> Btw, both files
>>    security/vuxml/vuln.xml
>> and
>>    security/portaudit-db/database/portaudit.txt
>> can be modified by every committer without approval of the maintainers
>> of the respective ports. Perhaps they should be moved to a more
>> prominent place, or this should be stated more clearly in the Porters
>> Handbook / comments in the respective files.
> The "Porters Handbook" has a diffrent statement on this:
> handbook/security-notify.html
> --------------------
> 16.3.4 If VuXML still scares you...
> As an easy alternative to writing VuXML, you may opt to add a single 
> line
> to a different file with much simpler syntax, 
> PORTSDIR/security/portaudit-
> /database/portaudit.txt, which resides within the port 
> security/portaudit-db,
> and send a request for review to the Security Officer Team as described
> on the FreeBSD Security Information page.
> --------------------
> This I read as "Approval by Security Officer" needed.

It should read `add a single line [...], and *then* send a request for 
review'. Since I participated in writing this chapter (although the 
credits for doing most if the work should go to Yar Tikhiy 
<yar at>), and this is *my* file I should know...


More information about the cvs-ports mailing list