From owner-freebsd-security Tue Mar 12 22:53:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from a2.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by hub.freebsd.org (Postfix) with ESMTP id 47AE037B402 for ; Tue, 12 Mar 2002 22:53:35 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g2D6rW38003808; Wed, 13 Mar 2002 19:53:32 +1300 (NZDT) (envelope-from andrew@scoop.co.nz) Date: Wed, 13 Mar 2002 19:53:32 +1300 (NZDT) From: Andrew McNaughton X-X-Sender: andrew@a2 To: batz Cc: Christopher Schulte , lewwid , , Max Mouse Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2) In-Reply-To: Message-ID: <20020313194713.A3633-100000@a2> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 12 Mar 2002, batz wrote: > Back to my original post, about whether cvs would be a useful way to > manage security specific information, so that people who just wanted to > fix open vulnerabilities could do so in a way that did not involve > sucking down most of the ports tree if they had not upgraded it in a while. > > Has anyone else done anything especially different for managing security > specific patches? Rather than looking at separate distribution of ports, why not look at a protocol for providing a list of versions of ports which are insecure. This could be added into the daily security check. No remedy to problems found, just notification. Something similar to the version checking available through periodic at present except that it would only cover security issues. Andrew McNaughton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message