From: Bryan Drewery
Organization: FreeBSD
Date: Mon, 18 May 2015 09:41:15 -0500
To: Roger Marquis, freebsd-security@freebsd.org, freebsd-pkg@freebsd.org, freebsd-ports@freebsd.org
Subject: Re: pkg audit / vuln.xml failures
Message-ID: <5559FA0B.8080005@FreeBSD.org>
In-Reply-To: <20150517210259.C25DF76F@hub.freebsd.org>
List-Id: Binary package management and package tools discussion

On 5/17/2015 4:02 PM, Roger Marquis wrote:
> Does anyone know what's going on with vuln.xml updates? Over the last
> few weeks and months CVEs and application mailing lists have announced
> vulnerabilities for several ports that in some cases only showed up in
> vuln.xml after several days and in other cases are still not listed
> (despite email to the security team).
>
> Is there a URL outlining the policies and procedures of vuln.xml
> maintenance?
>

ports-secteam@ owns this file, not secteam@. The team needs more help.
Would you like to volunteer to submit vuxml updates? Many contributors,
and committers, feel the file is not easy to contribute to.

Regards,
Bryan Drewery