Date: Mon, 18 May 2015 21:20:11 +0100 From: "Sevan / Venture37" <venture37@gmail.com> To: Mark Felder <feld@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: pkg audit / vuln.xml failures Message-ID: <CA%2BU3Mf7AskL25eTQ4qcic19%2BHzo-EA%2Bv5%2BVPeUP5sK4ppOuuOQ@mail.gmail.com> In-Reply-To: <1431977178.2897923.271980105.0D554040@webmail.messagingengine.com> References: <20150517210300.45FF67B8@hub.freebsd.org> <1431972413.2880876.271908321.6959F2D3@webmail.messagingengine.com> <CA%2BU3Mf4kzdkFjO1Jd78Sw4Oj2DWk9N9zws9wPgngLJoBmZ8ZFQ@mail.gmail.com> <1431977178.2897923.271980105.0D554040@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18 May 2015 at 20:26, Mark Felder <feld@freebsd.org> wrote: > I was just thinking it might be nice when you're committing a change to > a port to fix a CVE if there was a tag you can drop in the commit log to > tell ports-security if there is a need for an entry to vuln.xml. At > least those without experience editing vuln.xml can more easily have > someone else assist them with getting it added. Ah, yes, that applies to those with those shiny commit bits. I'm on the other side. It certainly needs to be added to the workflow of updating/maintaining ports somehow. There's the problem of Maintaining the vuxml entries Flagging security issues resolved in updates Flagging unaddressed security updates Sevan / Venture37
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BU3Mf7AskL25eTQ4qcic19%2BHzo-EA%2Bv5%2BVPeUP5sK4ppOuuOQ>