a reminder to PR submitters

Mark Linimon linimon at lonesome.com
Tue Oct 21 23:42:01 PDT 2003

Please do not set the Confidential field on your PRs to "yes".
We really don't have a mechanism to deal with confidential
PRs in GNATS due to the fact that the database itself can be
replicated, via cvsup, to anyone's machine, and thus itself is
inherently insecure.  Setting this field to "yes" merely makes
your PR disappear into this limbo-category called "pending" which
is dark and scary and filled with big spiders and stuff :-)

The only mechanism in FreeBSD for notification of severe security
vulnerabilities, as far as I know, it to directly send email to
security-officer @ FreeBSD.org.  I'm sure that if I'm wrong that
someone will correct me immediately ...


More information about the freebsd-ports mailing list