Date:      Fri, 29 Nov 2002 14:29:46 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        docs@FreeBSD.org
Subject:   [dkl@tessellated.net: Re: Providing a mechanism for port maintainers to specify an immediate package rebuild/redist to improve security response (Was Re: samba security update)]
Message-ID:  <20021129222946.GA37822@rot13.obsecurity.org>

Can someone please review/commit this patch?

Thanks,
Kris

----- Forwarded message from dkl <dkl@tessellated.net> -----

Delivered-To: kkenn@localhost.obsecurity.org
Delivered-To: kris@freebsd.org
Date: Fri, 29 Nov 2002 16:17:26 -0500 (EST)
From: dkl <dkl@tessellated.net>
To: Kris Kennaway <kris@obsecurity.org>
Cc: "David W. Chapman Jr." <dwcjr@inethouston.net>,
	<portmgr@FreeBSD.org>
Subject: Re: Providing a mechanism for port maintainers to specify an immediate
 package rebuild/redist to improve security response (Was Re: samba security
 update)
In-Reply-To: <20021129205621.GA37465@rot13.obsecurity.org>
X-UIDL: e8a584825dab730b5bf271a481a34983
X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.8.0.1

> > > Submitting a patch to add it to the porter's handbook would be
> > > useful..do you think you could work on that?
> >
> > Sure, I'll put something together in the next few hours.

Please see attached diff. I'll send-pr it and drop nik an email if it
looks OK.


> A new 'security' section would be good. (snip)

I'll try to take care of this on Monday, using your bullets as the basis.



regards
dkl

diff -ruN porters-handbook.orig/book.sgml porters-handbook/book.sgml
--- porters-handbook.orig/book.sgml	Fri Nov 29 15:37:36 2002
+++ porters-handbook/book.sgml	Fri Nov 29 16:08:06 2002
@@ -3954,6 +3954,10 @@
         doing a commit.  If the diff is more than about 20KB, please compress
         and uuencode it; otherwise, just include it in the PR as is.</para>
 
+      <important>
+       <para>If your upgrade is motivated by security concerns or a major regression in the currently committed port, please notify the Package Builders <email>portmgr@FreeBSD.org</email> to request immediate rebuilding and redistribution of your port's package. Unsuspecting users of &man.pkg_add.1; will otherwise continue to install the old version via <command>pkg_add -r</command> for several weeks.</para>
+      </important>
+
       <note>
         <para>Once again, please use &man.diff.1; and not &man.shar.1; to send
           updates to existing ports!</para>
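Review bot: The new <para> inside <important> is a single unwrapped line and is indented one space under its parent, while the <para> in the <note> that follows is indented two spaces and wrapped; please wrap and indent it to match the surrounding markup. In the same paragraph, "the Package Builders <email>portmgr@FreeBSD.org</email>" runs the name and address together with no punctuation, so put the address in parentheses or reword it as "notify ... at <email>portmgr@FreeBSD.org</email>". The text also does not say what the notification should contain; naming the port and the PR that carries the update would let the builders act on it without a follow-up. Finally, "for several weeks" fixes the current rebuild lag in the handbook text; "until the next scheduled package build" would stay accurate if that interval changes.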


----- End forwarded message -----

