cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml
Oliver Eikemeier
eikemeier at fillmore-labs.com
Mon Aug 16 09:34:56 PDT 2004
Jacques A. Vidrine wrote:
> [...]
>
> You keep making this assertion, but you have not given any details.
> What gives? For example, why have you duplicated the following entry:
>
> in ports/security/vuxml/vuln.xml
> ``acroread uudecoder input validation error''
> http://vuxml.freebsd.org/78348ea2-ec91-11d8-b913-000c41e2cdad.html
>
> in ports/security/portaudit-db/database/portaudit.xml
> ``Acrobat Reader handling of malformed uuencoded pdf files''
>
> http://people.freebsd.org/~eik/portaudit/ab166a60-e60a-11d8-9b0a-000347a4fa7d.html
>
> What is it about the original entry that does not "work with portaudit"?
I made the entry Aug 4 2004 11:43:15 UTC:
<http://cvsweb.freebsd.org/ports/security/portaudit-db/database/portaudit.txt#rev1.69>
You've added a copy Aug 12 2004 19:05:51 UTC:
<http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml#rev1.168>
> This is particularly confusing because you somehow claim that the
> original entry is "superseded" by yours.
>
>
> http://people.freebsd.org/~eik/portaudit/78348ea2-ec91-11d8-b913-000c41e2cdad.html
>
> Why didn't you simply correct the original entry if there is a problem?
I decided to mark yours as a duplicate of my entry made eight days
before. I try to keep portaudit references permanent.
> What are you trying to accomplish, Oliver? I would really like to know
> because clearly this situation is not good for our community.
A correctly working port auditing system, where users are warned in a
timely manner of possible vulnerabilities in their installed software.
While it might be acceptable when documentation sometimes leaves out a
PORTEPOCH or has false positives for a couple of days, I consider this
highly problematic for portaudit and try to fix these things ASAP.
What are you trying to accomplish?
-Oliver