Date: Wed, 17 Mar 2004 08:23:30 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: "Peter C. Lai" <sirmoo@cowbert.2y.net> Cc: freebsd-security@freebsd.org Subject: Re: portaudit Message-ID: <20040317142330.GA21961@madman.celabo.org> In-Reply-To: <20040317070051.GC716@cowbert.2y.net> References: <20040317070051.GC716@cowbert.2y.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 17, 2004 at 02:00:51AM -0500, Peter C. Lai wrote: > Any reason why portaudit and its associated infrastructure was not announced to > this list or security-notifications? I recently discovered it, and discovered > the feature was added to bsd.port.mk in the beginning of feburary. Seeing as > the security officer apparently (without announcement) no longer issues > security notices (SNs) for ports, I am assuming that portaudit has replaced > SNs entirely, and that we should rely on that for ports operational security? > I'm not subscribed to -ports, -questions, or -current, which were apparently > where the portaudit introduction discussions took place. VuXML is the new mechanism for documenting security issues in ports. It has not been `announced' because it is still at an experimental stage. portaudit is one tool that reads the FreeBSD VuXML document, and is well- suited for automated checking. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040317142330.GA21961>