Date: Mon, 12 Apr 2021 21:03:08 -0700 From: Gordon Tetlow <gordon@tetlows.org> To: Miroslav Lachman <000.fbsd@quip.cz> Cc: Gian Piero Carrubba <gpiero@rm-rf.it>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:08.vm missing in vuxml Message-ID: <9695BE88-A3E7-498D-8A5A-92BCB2E79DBD@tetlows.org> In-Reply-To: <d7cee6e3-f209-3bdd-8df4-7429243d5fe1@quip.cz> References: <d7cee6e3-f209-3bdd-8df4-7429243d5fe1@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Apr 12, 2021, at 03:21, Miroslav Lachman <000.fbsd@quip.cz> wrote: >=20 > =EF=BB=BFOn 11/04/2021 21:49, Gian Piero Carrubba wrote: >> * [Sun, Apr 11, 2021 at 09:36:05PM +0200] Miroslav Lachman: >>>> On 11/04/2021 21:21, Gian Piero Carrubba wrote: >>>>> CCing ports-secteam@ as it seems a more appropriate recipient. >>>=20 >>> Vulnerabilities in base should be handled by core secteam, not ports sec= team. >> The maintainer address for vuxml is ports-secteam@, so my impression is t= hat entries in vuxml, regardless if they affect base or ports, are managed b= y them. Am I wrong? >=20 > Because there are entries mainly for ports and vuxml is port too. But the r= esponsible side for vulnerabilities in base is Security Officer Team. They a= re publishing SAs, they should create and submit entries to vuxml. They are a= lmost always lacking behind, sometimes for months. I tried created patches w= ith entries in the past because I am the author of base-audit script and mai= ntainer of the port but then it was waiting for a long time to have it confi= rmed by Security Officer Team. >=20 > I fought with this many times. Hi there! Secteam has been pretty faithfully putting base issues into vuxml for the pa= st year at least, thanks to the tireless work by Philip. The current issues w= ere committed to vuxml 6 days ago. Apparently, the backend that serves the v= uxml for clients hasn=E2=80=99t been updated for the ports git transition. T= here is a pr for that already and hopefully it will be sorted soon. Regards, Gordon=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9695BE88-A3E7-498D-8A5A-92BCB2E79DBD>