From owner-freebsd-bugs@FreeBSD.ORG  Sat Sep 16 18:47:00 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@freebsd.org
Delivered-To: freebsd-bugs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 28B5016A415;
	Sat, 16 Sep 2006 18:47:00 +0000 (UTC)
	(envelope-from vadimnuclight@tpu.ru)
Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B739943D60;
	Sat, 16 Sep 2006 18:46:51 +0000 (GMT)
	(envelope-from vadimnuclight@tpu.ru)
Received: by relay1.tpu.ru (Postfix, from userid 501)
	id D937F13D475; Sun, 17 Sep 2006 01:46:49 +0700 (NOVST)
Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3])
	by relay1.tpu.ru (Postfix) with ESMTP id D19A813D478;
	Sun, 17 Sep 2006 01:46:46 +0700 (NOVST)
Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with
	Microsoft SMTPSVC(6.0.3790.1830); Sun, 17 Sep 2006 01:45:31 +0700
Received: from nuclight.avtf.net ([82.117.64.107]) by mail.tpu.ru over TLS
	secured channel with Microsoft SMTPSVC(6.0.3790.1830); 
	Sun, 17 Sep 2006 01:45:31 +0700
Date: Sun, 17 Sep 2006 01:45:10 +0700
To: "Greg Lewis" <glewis@freebsd.org>
References: <200609161726.k8GHQrRW013690@freefall.freebsd.org>
From: "Vadim Goncharov" <vadimnuclight@tpu.ru>
Organization: AVTF TPU Hostel
Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <optfzidkw74fjv08@nuclight.avtf.net>
In-Reply-To: <200609161726.k8GHQrRW013690@freefall.freebsd.org>
User-Agent: Opera M2/7.54 (Win32, build 3865)
X-OriginalArrivalTime: 16 Sep 2006 18:45:31.0608 (UTC)
	FILETIME=[49765D80:01C6D9C0]
Cc: freebsd-bugs@freebsd.org, bug-followup@freebsd.org,
	freebsd-java@freebsd.org
Subject: Re: ports/103313: portaudit reports bogus java/diablo-jdk15
	vulnerabity due to incorrect pkg naming
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Sep 2006 18:47:00 -0000

17.09.06 @ 00:26 Greg Lewis wrote:

> Synopsis: portaudit reports bogus java/diablo-jdk15 vulnerabity due to  
> incorrect pkg naming
>
> State-Changed-From-To: open->closed
> State-Changed-By: glewis
> State-Changed-When: Sat Sep 16 17:26:05 UTC 2006
> State-Changed-Why:
> This was fixed by remko@'s recent commit to vuln.xml (rev. 1.1131).
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=103313

That's VERY BAD method of fixing things. Package names should be changed,  
not vuln.xml! As cause of illness should always be cured, not the  
symptoms. And, after all, even that fix was partial: it fixed only jdk on  
fbsd 6 - my fbsd 5 IS STILL "vulnerable". And this is only jdk, but we  
have the same problem with jre. And not only for i386, but for amd64 also  
- 6 packages total, not 1.

-- 
WBR, Vadim Goncharov