From owner-cvs-all  Wed Sep  5  4:36:55 2001
Delivered-To: cvs-all@freebsd.org
Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3B68B37B406; Wed,  5 Sep 2001 04:36:39 -0700 (PDT)
Received: from aldan.algebra.com (localhost [127.0.0.1])
	by aldan.algebra.com (8.11.5/8.11.5) with ESMTP id f85BZKo61773;
	Wed, 5 Sep 2001 07:35:25 -0400 (EDT)
	(envelope-from mi@aldan.algebra.com)
Message-Id: <200109051135.f85BZKo61773@aldan.algebra.com>
Date: Wed, 5 Sep 2001 07:35:17 -0400 (EDT)
From: Mikhail Teterin <mi@aldan.algebra.com>
Subject: Re: cvs commit: src/lib/libc/stdlib strtol.c strtoll.c strtoq.c strtoul.c strtoull.c strtouq.c
To: kris@obsecurity.org
Cc: obrien@FreeBSD.org, ache@nagual.pp.ru, ru@FreeBSD.org,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
In-Reply-To: <20010904165218.A59467@xor.obsecurity.org>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On  4 Sep, Kris Kennaway wrote:

>> BTW, most of  the patches in the ports-tree don't  have such IDs, but
>> some  do. Since  those IDs  are discarded  as early  as at  the "make
>> patch" stage, I  think they are pretty useless --  they don't make it
>> to the compiled binaries anyway. But what's the general opinion?
>
> I'm not sure at what point we started talking about ports.

No,  we started  talking about  the version  strings in  files. Although
annoying  to some,  working with  the source  code, they  are considered
useful by others -- including yourself -- for analyzing binaries.

> Vulnerabilities in ports are indexed by the port version: when we fix
> a vulnerability, the version gets bumped, and it's trivial to check
> whether the installed port is vulnerable.

I realized, that I just recently saw  such lines in some of ports' patch
files. They  annoyed me  -- at the  source level, and  I wonder  if they
should be removed, because they never make it to the binary anyway...

	-mi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message