From owner-freebsd-ports@FreeBSD.ORG  Mon Nov 15 03:10:28 2004
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id DDBAB16A4CE; Mon, 15 Nov 2004 03:10:28 +0000 (GMT)
Received: from obsecurity.dyndns.org
	(CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.194.102.143])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A80B643D45; Mon, 15 Nov 2004 03:10:28 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 9B95B5140D; Sun, 14 Nov 2004 19:13:14 -0800 (PST)
Date: Sun, 14 Nov 2004 19:13:14 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
Message-ID: <20041115031314.GA43451@xor.obsecurity.org>
References: <20041115005016.GA4384@xor.obsecurity.org>
	<m3d5yfvmjk.fsf@merlin.emma.line.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="1yeeQ81UyVL57Vl7"
Content-Disposition: inline
In-Reply-To: <m3d5yfvmjk.fsf@merlin.emma.line.org>
User-Agent: Mutt/1.4.2.1i
cc: ports@freebsd.org
cc: stable@freebsd.org
cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: New 5.x packages uploaded
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2004 03:10:29 -0000


--1yeeQ81UyVL57Vl7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Nov 15, 2004 at 04:06:07AM +0100, Matthias Andree wrote:
> Kris Kennaway <kris@obsecurity.org> writes:
>=20
> > I've uploaded new packages for 5.3-stable; they'll make their way onto
> > the ftp mirrors over the next day or so.  Included are the new
> > versions of GNOME and KDE, among others.
>=20
> BTW, are we getting long-standing security issues in ports fixed, for
> instance cups-base, open-motif, others? Yeah I know send patches, but my
> ressources are limited and committers are also overworked already...
>=20
> The general question I'd like to raise is how long will we allow ports
> with known security flaws linger around before they are marked BROKEN?

In general serious security flaws should be marked FORBIDDEN
immediately, and they generally are.  Fixing the security issues is up
to the community.

Kris

--1yeeQ81UyVL57Vl7
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBmB7KWry0BWjoQKURAgVCAJ44n/aXhwM5nH3ahQ3/xvFXO6rSBgCeM49S
ym/iyWPMXZJOwiFWQdGC/bI=
=eJRk
-----END PGP SIGNATURE-----

--1yeeQ81UyVL57Vl7--