New pkg audit / vuln.xml failures (php55, unzoo)
Bryan Drewery
bdrewery at FreeBSD.org
Thu May 28 17:28:40 UTC 2015
On 5/28/2015 12:16 PM, Mark Felder wrote:
>
>
> On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote:
>>
>> I think the VUXML database needs to be simpler to contribute to. Only a
>> handful of committers feel comfortable touching the file.
>
> We could use a very friendly user-facing form that they can fill out to
> create a valid vuxml entry. And then the entry could create a GitHub
> pull request. It would be very easy then to accept or reject the
> request, and accepted requests could be auto-committed to the ports tree
> or wherever it needs to go so pkgaudit can pull it.
>
> This would be leaps and bounds better than what we have. It would
> simplify the process and permit crowdsourcing CVE reporting.
>
> Everybody wins.
>
swills@ wrote up something a few years ago for an HTML form.
--
Regards,
Bryan Drewery