From owner-freebsd-ports@FreeBSD.ORG Thu May 28 17:28:40 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 440F34B1 for ; Thu, 28 May 2015 17:28:40 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0D9E681E for ; Thu, 28 May 2015 17:28:40 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id t4SHSda7087028 for ; Thu, 28 May 2015 17:28:39 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id t4SHSdPe087027 for freebsd-ports@freebsd.org; Thu, 28 May 2015 17:28:39 GMT (envelope-from bdrewery) Received: (qmail 75184 invoked from network); 28 May 2015 12:28:35 -0500 Received: from unknown (HELO ?10.10.1.139?) (freebsd@shatow.net@10.10.1.139) by sweb.xzibition.com with ESMTPA; 28 May 2015 12:28:35 -0500 Message-ID: <55675049.1030502@FreeBSD.org> Date: Thu, 28 May 2015 12:28:41 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Mark Felder , Roger Marquis CC: freebsd-ports@freebsd.org Subject: Re: New pkg audit / vuln.xml failures (php55, unzoo) References: <20150523153029.B7BD3280@hub.freebsd.org> <1432659389.3130746.278522905.6D1E6549@webmail.messagingengine.com> <20150527174037.EF719B11@hub.freebsd.org> <556746A4.4090208@FreeBSD.org> <1432833397.3252848.280655409.2ADE5952@webmail.messagingengine.com> In-Reply-To: <1432833397.3252848.280655409.2ADE5952@webmail.messagingengine.com> OpenPGP: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="W5SMCe2pJ5fnFqQGE1UHaEOIpXOM88J7i" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2015 17:28:40 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --W5SMCe2pJ5fnFqQGE1UHaEOIpXOM88J7i Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 5/28/2015 12:16 PM, Mark Felder wrote: >=20 >=20 > On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote: >> >> I think the VUXML database needs to be simpler to contribute to. Only = a >> handful of committers feel comfortable touching the file. >=20 > We could use a very friendly user-facing form that they can fill out to= > create a valid vuxml entry. And then the entry could create a github > pull request. It would be very easy then to accept or reject the > request, and accepted requests could be auto-committed to the ports tre= e > or wherever it needs to go so pkgaudit can pull it. >=20 > This would be leaps and bounds better than what we have. It would > simplify the process and permit crowdsourcing CVE reporting.=20 >=20 > Everybody wins. >=20 swills@ wrote up something a few years ago for an html form. --=20 Regards, Bryan Drewery --W5SMCe2pJ5fnFqQGE1UHaEOIpXOM88J7i Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVZ1BJAAoJEDXXcbtuRpfPtqcH+wflYK5ig6kS/2TEdvLXo0nW NHZ/O/ftnF0MWlu97NmD/Tf+RFng4fZQJP56ZKnUn/CpxeMHLWDr85inbxDjRI6s Rvt3wQmfWGP4rTFF7e4FB69MOBhkDWcRXSaeB/edm8LxImKHull/7EKTi19UCaXT 0vMiCfZUv8FO3YlxD4xHbWGkrYsfMfjOiFx6iHmggEH0pbAPJROWFbTJGXfJG5W0 SU+exiW28rGKL7aoaM6Xkbllqv2AeYpSizzFNU2DjicMQ/tgsuhBvHLNuqceecEY QlLdp9LwNwqt9kBKbFZddjyfLkm8lUISvGMGK9NKnqpgsav1otMd3RFJdQFjYtI= =GA+F -----END PGP SIGNATURE----- --W5SMCe2pJ5fnFqQGE1UHaEOIpXOM88J7i--