From owner-svn-ports-all@freebsd.org Wed Oct 4 12:17:51 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0FF6CE3877C; Wed, 4 Oct 2017 12:17:51 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from prod2.absolight.net (prod2.absolight.net [79.143.243.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C33B484FF8; Wed, 4 Oct 2017 12:17:50 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from prod2.absolight.net (localhost [127.0.0.1]) by prod2.absolight.net (Postfix) with ESMTP id 8D0C1BDD3E; Wed, 4 Oct 2017 14:17:47 +0200 (CEST) Received: from ogg.in.absolight.net (ogg.in.absolight.net [79.143.241.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by prod2.absolight.net (Postfix) with ESMTPSA id 402E8BDD35; Wed, 4 Oct 2017 14:17:47 +0200 (CEST) Subject: Re: svn commit: r450898 - head/security/vuxml To: David Chisnall , Ryan Steinmetz Cc: Cy Schubert , Mathieu Arnold , "ports-committers@freebsd.org" , "svn-ports-all@freebsd.org" , "svn-ports-head@freebsd.org" References: <20171003185229.GA91081@exodus.zi0r.com> <201710031914.v93JESd2007316@slippy.cwsent.com> <20171003191620.GA99159@exodus.zi0r.com> <31BE1638-3115-4F25-810C-5CB91626E480@FreeBSD.org> From: Mathieu Arnold Organization: Absolight / The FreeBSD Foundation Message-ID: <493386ff-dc20-b8cb-001d-ea8b79ae1129@FreeBSD.org> Date: Wed, 4 Oct 2017 14:17:46 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <31BE1638-3115-4F25-810C-5CB91626E480@FreeBSD.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: fr X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2017 12:17:51 -0000 Le 04/10/2017 =C3=A0 13:37, David Chisnall a =C3=A9crit=C2=A0: > On 3 Oct 2017, at 20:16, Ryan Steinmetz wrote: >> >> On (10/03/17 12:14), Cy Schubert wrote: >>> In message <20171003185229.GA91081@exodus.zi0r.com>, Ryan Steinmetz w= rites: >>>> >>>> On (10/03/17 11:36), Cy Schubert wrote: >>>>> Really? >>>>> >>>>> Looking at the code it's a 1m size limit. Put yourself in sizelimit= =2Econf and >>>> you get 10x that, unless you put a size after your name. >>>> >>>> Typo--is a transaction size limit that was triggered. >>> Yes. >>> >>> Why delete the old entries? It's history. >>> >>> Maybe we shouldn't keep the vuxml database in the ports tree, instead= >>> hosting the vuxml file on github instead of the port itself??? Just a= >>> thought. >>> >> We (ports-secteam) were addressing a problem (people couldn't commit n= ew entries). >> >> There is some investigative work going on now that will give us more o= ptions in terms of dealing with growth. >> >> More information will surface in the near future. > In retrospect, it seems that putting this as a single file in the ports= tree was a bad idea, and the correct solution is to have individual XML = fragments that can be assembled into both one huge file of everything and= a smaller one for vulnerabilities in ports that have been shipped in the= last year. This is the idea, yes, split it in yearly, quarterly, or montly files. If only someone were to do it :-) (and make sure vuxml.org still works, and stuff.) --=20 Mathieu Arnold