Re: Need opinion on update vuxml

In reply to: Nuno Teixeira : "Need opinion on update vuxml"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Fernando_Apesteguía <fernando.apesteguia_at_gmail.com>
Date: Fri, 05 Aug 2022 15:56:36 UTC

El vie., 5 ago. 2022 14:48, Nuno Teixeira <eduardo@freebsd.org> escribió:

> Hello,
>
> As a committer do I need secteam approval to update vuxml database?
>

AFAICT you don't need approval, you can make the changes yourself directly.

Cheers

>
> For what I've read in 12.3.1. The VuXML Database
> <https://docs.freebsd.org/en/books/porters-handbook/book/#security-notify-vuxml-db>
> :
> ---
> Committers can update the VuXML database themselves, assisting the
> Security Officer Team and delivering crucial information to the community
> more quickly. Those who are not committers or have discovered an
> exceptionally severe vulnerability should not hesitate to contact the
> Security Officer Team directly, as described on the FreeBSD Security
> Information <https://www.freebsd.org/security/#how> page.
> ---
>
> If yes, then I should make some tests do guarantee that new entry is ok:
> ---
> 3. use 'make validate' to verify syntax correctness
>
> Additional tests can be done this way:
>  $ make vuln-flat.xml
>  $ pkg audit -f ./vuln-flat.xml py26-django-1.6 (e.g.)
> ---
>
> PR265526 have an vuxml new entry and I'm waiting for ports-secteam to
> approve.
>
> Thanks in advance,
> --
> Nuno Teixeira
> FreeBSD Committer (ports)
>