Date: Wed, 5 Sep 2001 07:35:17 -0400 (EDT) From: Mikhail Teterin <mi@aldan.algebra.com> To: kris@obsecurity.org Cc: obrien@FreeBSD.org, ache@nagual.pp.ru, ru@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/stdlib strtol.c strtoll.c strtoq.c strtoul.c strtoull.c strtouq.c Message-ID: <200109051135.f85BZKo61773@aldan.algebra.com> In-Reply-To: <20010904165218.A59467@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4 Sep, Kris Kennaway wrote: >> BTW, most of the patches in the ports-tree don't have such IDs, but >> some do. Since those IDs are discarded as early as at the "make >> patch" stage, I think they are pretty useless -- they don't make it >> to the compiled binaries anyway. But what's the general opinion? > > I'm not sure at what point we started talking about ports. No, we started talking about the version strings in files. Although annoying to some, working with the source code, they are considered useful by others -- including yourself -- for analyzing binaries. > Vulnerabilities in ports are indexed by the port version: when we fix > a vulnerability, the version gets bumped, and it's trivial to check > whether the installed port is vulnerable. I realized, that I just recently saw such lines in some of ports' patch files. They annoyed me -- at the source level, and I wonder if they should be removed, because they never make it to the binary anyway... -mi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109051135.f85BZKo61773>