From owner-freebsd-ports@FreeBSD.ORG Thu May 28 17:16:38 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CA489EAE for ; Thu, 28 May 2015 17:16:38 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9DFBE2F0 for ; Thu, 28 May 2015 17:16:38 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 82EAB2082C for ; Thu, 28 May 2015 13:16:37 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute1.internal (MEProxy); Thu, 28 May 2015 13:16:37 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=AI0JRDOLnfTs8+v 02YlHyXL3UAs=; b=X3nfp51UzTwnE43I/dZojF++xmk1n47m6vzBSlwWYLP8bKG 089qFIdkO2CGv42zIx48zCepjcShs4JNwtLplsAJ4Iy1K/f1FWfAyHnuICIqIcSP Gl0C5ixE2XJgEO9sHLmjLBcvi4S0YeP/pqTuanqhDm7vOtl3K+IqUZ1dnL5M= Received: by web3.nyi.internal (Postfix, from userid 99) id 4F1F610D4DE; Thu, 28 May 2015 13:16:37 -0400 (EDT) Message-Id: <1432833397.3252848.280655409.2ADE5952@webmail.messagingengine.com> X-Sasl-Enc: qcxdb4T/FLocJK1eo3A8pHxuFerQRUW8DP7l5t9RPS74 1432833397 From: Mark Felder To: Bryan Drewery , Roger Marquis Cc: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-073992ec In-Reply-To: <556746A4.4090208@FreeBSD.org> References: <20150523153029.B7BD3280@hub.freebsd.org> <1432659389.3130746.278522905.6D1E6549@webmail.messagingengine.com> <20150527174037.EF719B11@hub.freebsd.org> <556746A4.4090208@FreeBSD.org> Subject: Re: New pkg audit / vuln.xml failures (php55, unzoo) Date: Thu, 28 May 2015 12:16:37 -0500 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2015 17:16:38 -0000 On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote: > > I think the VUXML database needs to be simpler to contribute to. Only a > handful of committers feel comfortable touching the file. We could use a very friendly user-facing form that they can fill out to create a valid vuxml entry. And then the entry could create a github pull request. It would be very easy then to accept or reject the request, and accepted requests could be auto-committed to the ports tree or wherever it needs to go so pkgaudit can pull it. This would be leaps and bounds better than what we have. It would simplify the process and permit crowdsourcing CVE reporting. Everybody wins.