cvs commit: ports/security/vuxml vuln.xml

Jacques Vidrine nectar at FreeBSD.org
Fri Aug 13 15:10:37 PDT 2004


On Aug 13, 2004, at 12:00 PM, Oliver Eikemeier wrote:

> Jacques Vidrine wrote:
>
>> On Aug 12, 2004, at 7:26 PM, Oliver Eikemeier wrote:
>>
>>> portaudit understands these just fine, and I guess it is the main 
>>> client right now.
>>
>> I think VuXML.org is the main client :-) but of course that's not the 
>> point.
>
> Ah, but it is an important point to me. My main concern is the FreeBSD 
> ports collection, I don't care much about OpenBSD compatibility.

My main concern is FreeBSD users, also.  Sharing infrastructure with 
other projects is desirable, and need not compromise FreeBSD's goals.  
This ought to be obvious:  it can be seen in a huge percentage of the 
FreeBSD system.

>> As previously discussed, the semantics of VuXML <name> and <range> 
>> elements are package names and version numbers respectively, not 
>> globs or glob-like patterns.  In particular, the semantics are not 
>> FreeBSD or FreeBSD Ports Collection specific.
>
> That's unfortunate. I would prefer when you would care more about 
> portaudit, especially the <range> elements have to adhere to FreeBSD 
> semantics.

Um, the <range> elements *do* adhere to FreeBSD semantics.  They adhere 
to practically any system's semantics--- that's the point of keeping 
them simple version numbers rather than system-specific patterns.  
Every package collection has the concept of version numbers (even 
though the ordering might be different).

>  Since you seem not to check your entries with portaudit, I have a lot 
> of work dealing with vuxml quirks.

No, I don't use portaudit.  How would I go about `checking entries' 
with it?  Does it not understand some VuXML entries for some reason?  
If there is a simple check, I would be happy to do it.  I didn't 
realize there was a problem.

Could you elaborate about the quirks, and what kind of work it is 
producing for you?  Maybe we can ``fix'' them.  Certainly I'm willing 
to make reasonable changes, and now is perhaps a good time as I'm 
working on a minor update to VuXML 1.2 in order to accommodate the 
needs of another large package collection.

> OTOH when you think we have different design goals, it should be no 
> problem for me to change the database, since portaudit is database 
> format agnostic.

This (``format agnostic'') seems to contradict what you stated above, 
so I think I must not quite understand.

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org


P.S.  Did you miss this part?  I would be much obliged if you would 
point out the problems so we can correct them, and so I don't goof it 
again in the future.

Jacques Vidrine wrote:
> On Aug 12, 2004, at 7:26 PM, Oliver Eikemeier wrote:
>>  Besides, it seems like this commit introduced some errors. How 
>> should we handle this?
>
> Hit me over the head with the specific errors, please :-)  Let's 
> resolve them.



