Need opinion on update vuxml

Reply: Fernando_Apesteguía : "Re: Need opinion on update vuxml"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Nuno Teixeira <eduardo_at_freebsd.org>
Date: Fri, 05 Aug 2022 12:47:55 UTC

Hello,

As a committer do I need secteam approval to update vuxml database?

For what I've read in 12.3.1. The VuXML Database
<https://docs.freebsd.org/en/books/porters-handbook/book/#security-notify-vuxml-db>
:
---
Committers can update the VuXML database themselves, assisting the Security
Officer Team and delivering crucial information to the community more
quickly. Those who are not committers or have discovered an exceptionally
severe vulnerability should not hesitate to contact the Security Officer
Team directly, as described on the FreeBSD Security Information
<https://www.freebsd.org/security/#how> page.
---

If yes, then I should make some tests do guarantee that new entry is ok:
---
3. use 'make validate' to verify syntax correctness

Additional tests can be done this way:
 $ make vuln-flat.xml
 $ pkg audit -f ./vuln-flat.xml py26-django-1.6 (e.g.)
---

PR265526 have an vuxml new entry and I'm waiting for ports-secteam to
approve.

Thanks in advance,
-- 
Nuno Teixeira
FreeBSD Committer (ports)