Date: Thu, 28 May 2015 12:16:37 -0500
From: Mark Felder <feld@FreeBSD.org>
To: Bryan Drewery <bdrewery@FreeBSD.org>, Roger Marquis <marquis@roble.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: New pkg audit / vuln.xml failures (php55, unzoo)
Message-ID: <1432833397.3252848.280655409.2ADE5952@webmail.messagingengine.com>
In-Reply-To: <556746A4.4090208@FreeBSD.org>
References: <alpine.BSF.2.11.1505171402430.52815@eboyr.pbz> <20150523153029.B7BD3280@hub.freebsd.org> <1432659389.3130746.278522905.6D1E6549@webmail.messagingengine.com> <20150527174037.EF719B11@hub.freebsd.org> <556746A4.4090208@FreeBSD.org>

On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote:
>
> I think the VUXML database needs to be simpler to contribute to. Only a
> handful of committers feel comfortable touching the file.

We could use a very friendly user-facing form that they can fill out to create a valid vuxml entry. And then the entry could create a github pull request. It would be very easy then to accept or reject the request, and accepted requests could be auto-committed to the ports tree or wherever it needs to go so pkgaudit can pull it. This would be leaps and bounds better than what we have. It would simplify the process and permit crowdsourcing CVE reporting. Everybody wins.