cvs commit: ports/security/portaudit-db/database portaudit.txt
Oliver Eikemeier
eikemeier at fillmore-labs.com
Thu Aug 5 07:57:46 PDT 2004
Dirk Meyer wrote:
> Oliver Eikemeier schrieb:,
>
>> Btw, both files
>> security/vuxml/vuln.xml
>> and
>> security/portaudit-db/database/portaudit.txt
>> can be modified by every committer without approval of the maintainers
>> of the respective ports. Perhaps they should be moved to a more
>> prominent place, or this should be stated more clearly in the Porters
>> Handbook / comments in the respective files.
>
> The "Porters Handbook" has a diffrent statement on this:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-
> handbook/security-notify.html
>
> --------------------
> 16.3.4 If VuXML still scares you...
>
> As an easy alternative to writing VuXML, you may opt to add a single
> line
> to a different file with much simpler syntax,
> PORTSDIR/security/portaudit-
> /database/portaudit.txt, which resides within the port
> security/portaudit-db,
> and send a request for review to the Security Officer Team as described
> on the FreeBSD Security Information page.
>
> --------------------
>
> This I read as "Approval by Security Officer" needed.
It should read `add a single line [...], and *then* send a request for
review'. Since I participated in writing this chapter (although the
credits for doing most if the work should go to Yar Tikhiy
<yar at FreeBSD.org>), and this is *my* file I should know...
-Oliver
More information about the cvs-ports
mailing list