svn commit: r450898 - head/security/vuxml
David Chisnall
theraven at FreeBSD.org
Wed Oct 4 11:49:34 UTC 2017
On 3 Oct 2017, at 20:16, Ryan Steinmetz <zi at FreeBSD.org> wrote:
>
>
> On (10/03/17 12:14), Cy Schubert wrote:
>> In message <20171003185229.GA91081 at exodus.zi0r.com>, Ryan Steinmetz writes:
>>>
>>>
>>> On (10/03/17 11:36), Cy Schubert wrote:
>>> >Really?
>>> >
>>> >Looking at the code it's a 1m size limit. Put yourself in sizelimit.conf and
>>> you get 10x that, unless you put a size after your name.
>>>
>>> Typo--is a transaction size limit that was triggered.
>>
>> Yes.
>>
>> Why delete the old entries? It's history.
>>
>> Maybe we shouldn't keep the vuxml database in the ports tree, instead
>> hosting the vuxml file on github instead of the port itself??? Just a
>> thought.
>>
>
> We (ports-secteam) were addressing a problem (people couldn't commit new entries).
>
> There is some investigative work going on now that will give us more options in terms of dealing with growth.
>
> More information will surface in the near future.
In retrospect, it seems that putting this as a single file in the ports tree was a bad idea, and the correct solution is to have individual XML fragments that can be assembled into both one huge file of everything and a smaller one for vulnerabilities in ports that have been shipped in the last year.
David
More information about the svn-ports-all
mailing list