Ports security [was: Ports/source dance]

[Adrian Penisoara]

Hi,

On 8/12/06, Simon L. Nielsen <simon at freebsd.org> wrote:
>
> >
> > What would the FreeBSD security officer say about this ?
>
> I was not on freebsd-isp, so I hadn't seen the start of this thread.
>
> Ports security issues should go to either freebsd-ports@,
> freebsd-security@, or directly to the FreeBSD Security Team at
> secteam at FreeBSD.org, if you want to catch the attention of the
> Security Team.
>
> I don't currently see enough volume with regards to ports security
> issues to warrant a separate mailing list.  I think using
> freebsd-security@ should be fine, and we can always create a new list
> if needed.
>
> With regards to a separate security team for ports, it has been
> discussed in the past, but so far hasn't been created mainly since it
> haven't been a problem for secteam members working on ports just being
> part of the "normal" secteam, while only/mostly working on ports
> issues.
>
> It would be very nice if more people helped out with the ports side of
> FreeBSD security, but when we had the last call for volunteers among
> committers there weren't a lot of people volunteering to help out with
> ports as part of the Security Team.
>
> That said, it's certainly no requirement to be a committer or to be
> part of secteam to help out.  Just create VuXML entries [1] [2] and
> send them to freebsd-vuxml at FreeBSD.org or secteam at FreeBSD.org for
> review and commit, or fix issues and send patches as PR's where
> secteam is CC'ed.

--
> Simon L. Nielsen
> FreeBSD Deputy Security Officer
>


Thanks for the well-written response. I think at least part of it should
make it into the FreeBSD Security Information page (
http://www.freebsd.org/security/ ) since currently there is just a simple
reference towards VuXML for ports security.

My 2cents,
Adrian Penisoara
Ady (@freebsd.ady.ro, @rofug.ro)