From owner-cvs-all@FreeBSD.ORG  Sun Oct  2 19:17:12 2011
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6A8691065679;
	Sun,  2 Oct 2011 19:17:12 +0000 (UTC)
	(envelope-from Cy.Schubert@komquats.com)
Received: from idcmail-mo2no.shaw.ca (idcmail-mo2no.shaw.ca [64.59.134.9])
	by mx1.freebsd.org (Postfix) with ESMTP id E34828FC19;
	Sun,  2 Oct 2011 19:17:11 +0000 (UTC)
Received: from lb7f8hsrpno-svcs.dcs.int.inet (HELO pd6ml2no-ssvc.prod.shaw.ca)
	([10.0.144.222])
	by pd6mo1no-svcs.prod.shaw.ca with ESMTP; 02 Oct 2011 13:17:11 -0600
X-Cloudmark-SP-Filtered: true
X-Cloudmark-SP-Result: v=1.1 cv=blS1IfD9ATTwslHPX1wg2xrVchEzJECajZTP4gYUBpc=
	c=1 sm=1
	a=wHXR_hqnctcA:10 a=QrugwKR0C_UA:10 a=wAGQQ9Az6v0A:10 a=BLceEmwcHowA:10
	a=xA7i7079zcQA:10 a=kj9zAlcOel0A:10 a=2Er20JxOMs3KTlR2XTlUiQ==:17
	a=6I5d2MoRAAAA:8 a=BWvPGDcYAAAA:8 a=tZ5SSJdqAAAA:8
	a=pPIBucLG2ClmshICvNIA:9
	a=f6EMcaAcV7_PhAoUBvEA:7 a=CjuIK1q_8ugA:10 a=HO-EjDBg6p8A:10
	a=SV7veod9ZcQA:10 a=V7tsTZBp22UA:10 a=jJNQ3FqQoaH6m1Ft:21
	a=a4KgbOeaJRmb5GzG:21 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
Received: from unknown (HELO spqr.komquats.com) ([24.68.73.211])
	by pd6ml2no-dmz.prod.shaw.ca with ESMTP; 02 Oct 2011 13:17:10 -0600
Received: from cwsys.cwsent.com (cwsys [10.1.1.1])
	by spqr.komquats.com (Postfix) with ESMTP id 2A7E946B8A;
	Sun,  2 Oct 2011 12:16:40 -0700 (PDT)
Received: from cwsys (localhost [127.0.0.1])
	by cwsys.cwsent.com (8.14.5/8.14.5) with ESMTP id p92JGeOh083857;
	Sun, 2 Oct 2011 12:16:40 -0700 (PDT)
	(envelope-from Cy.Schubert@komquats.com)
Message-Id: <201110021916.p92JGeOh083857@cwsys.cwsent.com>
X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.3
From: Cy Schubert <Cy.Schubert@komquats.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.komquats.com/
To: Doug Barton <dougb@FreeBSD.org>
In-Reply-To: Message from Doug Barton <dougb@FreeBSD.org>
	of "Sun, 02 Oct 2011 11:21:14 PDT." <4E88AB9A.5010801@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 02 Oct 2011 12:16:40 -0700
Cc: lme@FreeBSD.org, cvs-ports@FreeBSD.org, ports-committers@FreeBSD.org,
	cvs-all@FreeBSD.org, Cy Schubert <cy@FreeBSD.org>
Subject: Re: cvs commit: ports/sysutils/syslog-ng1 Makefile
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Cy Schubert <Cy.Schubert@komquats.com>
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Oct 2011 19:17:12 -0000

In message <4E88AB9A.5010801@FreeBSD.org>, Doug Barton writes:
> FYI, in version 1.42 of the Makefile in its old location I tagged it thus:
> 
> FORBIDDEN=      Vulnerable since 2008-11-18,
> http://portaudit.freebsd.org/75f2382e-b586-11dd-95f9-00e0815b8da8.html
> EXPIRATION_DATE=        2011-10-14

The syslog-ng1 port has been adjusted to reflect the above.

> 
> Apparently the repo copy was done from version 1.41 (another reason that
> repo copies are a pointless waste).

I'm not sure how to address this. I think communication is part of the 
answer but how would need to be engineered into the solution. A maintainer 
would obviously know the timing of when to commit and whether it would be 
safe to do so, however persons performing sweeping commits have no idea of 
any other background work being performed. Without putting too much thought 
into this at the moment repocopy requests could be put into a queue and 
anyone needing to perform sweeping commits could check the list and 
coordinate with with portmgr to time commits with repocopies or vice versa. 
This is not an uncommon problem in any development shop I've worked at or 
in any sysadmin role I've had. We just need processes in place to address 
this type of issue. Maybe a simple search for open repocopy requests is all 
we need: query-pr -x -q -s repocopy.


> 
> In any case give how long this port was vulnerable it might have made
> sense to just do the upgrade, and eliminate version 1 entirely. The next
> best solution would be to move the expiration date up to 2011-10-14.
> Either way the port should be FORBIDDEN, not DEPRECATED.

It has been FORBIDDEN and DEPRECATED with an expiry date of Nov 14.


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.


> 
> 
> Doug
> 
> 
> On 10/01/2011 20:53, Cy Schubert wrote:
> > cy          2011-10-02 03:53:50 UTC
> > 
> >   FreeBSD ports repository
> > 
> >   Modified files:
> >     sysutils/syslog-ng1  Makefile 
> >   Log:
> >   Deprecate syslog-ng1 and expire on Nov 1, 2011.
> >   
> >   Submitted by:   Syslog-ng upline.
> >   Approved by:    Maintainer
> >   
> >   Revision  Changes    Path
> >   1.43      +3 -0      ports/sysutils/syslog-ng1/Makefile
> > 
> > http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/sysutils/syslog-ng1/Makefile.di
> ff?&r1=1.42&r2=1.43&f=h
> > 
> 
> 
> 
> -- 
> 
> 	Nothin' ever doesn't change, but nothin' changes much.
> 			-- OK Go
> 
> 	Breadth of IT experience, and depth of knowledge in the DNS.
> 	Yours for the right price.  :)  http://SupersetSolutions.com/