Date: Sun, 4 Apr 2004 01:00:50 +0800
From: Xin LI
To: "Simon L. Nielsen"
Cc: doc-committers@FreeBSD.org, Marc Fonvieille, cvs-all@FreeBSD.org, cvs-doc@FreeBSD.org
Subject: Re: cvs commit: doc/en_US.ISO8859-1/books/handbook/ports chapter.sgml
Message-ID: <20040403170050.GC2898@frontfree.net>
In-Reply-To: <20040403163003.GE870@zaphod.nitro.dk>
References: <200404031621.i33GLXi0093774@repoman.freebsd.org> <20040403163003.GE870@zaphod.nitro.dk>
X-GPG-key-ID/Fingerprint: 0xCAEEB8C0 / 43B8 B703 B8DD 0231 B333 DC28 39FB 93A0 CAEE B8C0
X-GPG-Public-Key: http://www.delphij.net/delphij.asc

On Sat, Apr 03, 2004 at 06:30:04PM +0200, Simon L. Nielsen wrote:
>
> On 2004.04.03 08:21:33 -0800, Marc Fonvieille wrote:
> > blackend 2004/04/03 08:21:33 PST
> >
> > FreeBSD doc repository
> >
> > Modified files:
> > en_US.ISO8859-1/books/handbook/ports chapter.sgml
> > Log:
> > Add some warnings: people should check http://vuxml.freebsd.org/ before
> > installing any application.
>
> Isn't that a bit overkill? Ports that have security issues are marked
> FORBIDDEN so users can't install them. If people want extra security
> they can use portaudit which checks the vuxml databases automatically.
>
> I also think it would be very hard to check vuxml manually in many
> cases, since ports can have a lot of dependencies, which might also
> contain security problems.

I think we'd better introduce portaudit to users, so I'd propose the
patch attached.

Cheers,
--
Xin LI http://www.delphij.net/
See complete headers for GPG key and other information.

Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=patch-ports-handbook Content-Transfer-Encoding: quoted-printable

Index: en_US.ISO8859-1/books/handbook/ports/chapter.sgml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/ports/chapter.sgml,v retrieving revision 1.216 diff -u -r1.216 chapter.sgml --- en_US.ISO8859-1/books/handbook/ports/chapter.sgml 3 Apr 2004 16:21:33 -= 0000 1.216 +++ en_US.ISO8859-1/books/handbook/ports/chapter.sgml 3 Apr 2004 16:59:48 -= 0000 
@@ -218,6 +218,11 @@ Before installing any application, you should check for security issues related to your application. + You can also install security/porta= udit + which will automatically check all installed packages/ports, and + before you are building a port. Meanwhile, you can have a + portaudit -F -a after you have installed some + packages. =20 The remainder of this chapter will explain how to use @@ -754,6 +759,14 @@ an up-to-date ports collection and you should check for security issues related to your port. + This can be automatically done by portaudit + which could be founded in security/portaudit. Consider running + portaudit -F before you are installing a + new port, and the ports system will check the port for + security issues for you automatically. As a bonus, a security + audit will be sent with your periodic mail everyday to report + whether new problems are found. =20 --kfjH4zxOES6UT95V-- --jCrbxBqMcLqd4mOl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAbu3COfuToMruuMARAtmWAJsH7dU+onXLqOPPdUEBWgRcSyD7qACfUccm 58o+0xLiy6n8CKwYQ9PBML4= =Vif6 -----END PGP SIGNATURE----- --jCrbxBqMcLqd4mOl--
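
Review bot: In the first hunk (@@ -218,6 +218,11 @@), the added clause "and before you are building a port" has no verb of its own, so the reader cannot tell what happens before a build, and "you can have a portaudit -F -a" uses the command as a noun. Suggest two sentences: one saying that security/portaudit checks installed packages/ports and that the check also runs before a port is built, and one telling the reader to run portaudit -F -a after installing packages. The added text introduces -F and -a without saying what either flag does; a short gloss for each would let the reader know what the command is expected to report. "Meanwhile" also reads oddly here, since the second sentence describes a later step rather than something concurrent.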
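
Review bot: In the second hunk (@@ -754,6 +759,14 @@), the advice is internally unclear: "Consider running portaudit -F before you are installing a new port" asks for a manual step, while the same sentence continues "the ports system will check the port for security issues for you automatically", so the reader cannot tell whether the check before a build is manual or automatic. This hunk also recommends portaudit -F where the first hunk recommends portaudit -F -a, with no explanation of the difference; either use one form in both places or say when each applies. Wording fixes: "which could be founded in" should be "which can be found in", and "everyday" should be "every day". The periodic mail sentence should say whether the daily report is enabled simply by installing the port or needs configuration.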