pkg audit / vuln.xml failures
Sevan / Venture37
venture37 at gmail.com
Mon May 18 20:20:15 UTC 2015
On 18 May 2015 at 20:26, Mark Felder <feld at freebsd.org> wrote:
> I was just thinking it might be nice when you're committing a change to
> a port to fix a CVE if there was a tag you can drop in the commit log to
> tell ports-security if there is a need for an entry to vuln.xml. At
> least those without experience editing vuln.xml can more easily have
> someone else assist them with getting it added.
Ah, yes, that applies to those with those shiny commit bits. I'm on
the other side. It certainly needs to be added to the workflow of
updating/maintaining ports somehow.
There's the problem of
Maintaining the vuxml entries
Flagging security issues resolved in updates
Flagging unaddressed security updates
Sevan / Venture37
More information about the freebsd-security
mailing list