cvs commit: ports/devel/pwlib Makefile ports/devel/pwlib/files
ports/net/asterisk Makefile
Maxim Sobolev
sobomax at portaone.com
Tue Jun 8 08:58:41 GMT 2004
Dag-Erling Smørgrav wrote:
> Maxim Sobolev <sobomax at portaone.com> writes:
>
>>Dag-Erling Smørgrav wrote:
>>
>>>Maxim Sobolev <sobomax at FreeBSD.org> writes:
>>>
>>>> No reply from: security-officer
>>>
>>>What kind of reply were you expecting?
>>
>>I was expecting sort of approval.
>
>
> You're a member of portmgr, and shouldn't need anyone's approval to
> commit to the ports tree, especially when the issue is already public.
Since it was known security problem and I wanted to commit a fix, I
expected that security officers would want to review the fix.
>>>BTW, could you please add a vuln.xml entry for this?
>>
>>Yes, I can, but what exactly should I add?
>
>
> Look at what's already there; it should briefly describe the bug,
> specify which versions are affected, and provide references to vendor
> information. The bug ID is a DCE UUID, which you can generate with
> uuidgen(1).
What should I do if I have committed a fix to a vulnerability already
documented in vuln.xml? BTW, it probably would be nice if you can
document it either in Committer's Handbook or Porter's Handbook.
-Maxim
More information about the cvs-all
mailing list