Date: Thu, 5 Aug 2004 16:59:10 +0200 From: Oliver Eikemeier <eikemeier@fillmore-labs.com> To: dirk.meyer@dinoex.sub.org (Dirk Meyer) Cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/portaudit-db/database portaudit.txt Message-ID: <01FE6C57-E6F0-11D8-9C56-00039312D914@fillmore-labs.com> In-Reply-To: <wGdEA2ocaG@dmeyer.dinoex.sub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dirk Meyer wrote: > Oliver Eikemeier schrieb:, > >> Btw, both files >> security/vuxml/vuln.xml >> and >> security/portaudit-db/database/portaudit.txt >> can be modified by every committer without approval of the maintainers >> of the respective ports. Perhaps they should be moved to a more >> prominent place, or this should be stated more clearly in the Porters >> Handbook / comments in the respective files. > > The "Porters Handbook" has a diffrent statement on this: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters- > handbook/security-notify.html > > -------------------- > 16.3.4 If VuXML still scares you... > > As an easy alternative to writing VuXML, you may opt to add a single > line > to a different file with much simpler syntax, > PORTSDIR/security/portaudit- > /database/portaudit.txt, which resides within the port > security/portaudit-db, > and send a request for review to the Security Officer Team as described > on the FreeBSD Security Information page. > > -------------------- > > This I read as "Approval by Security Officer" needed. It should read `add a single line [...], and *then* send a request for review'. Since I participated in writing this chapter (although the credits for doing most if the work should go to Yar Tikhiy <yar@FreeBSD.org>), and this is *my* file I should know... -Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01FE6C57-E6F0-11D8-9C56-00039312D914>