From owner-svn-ports-all@freebsd.org Wed Dec 12 15:36:09 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BB9AE1312CE6; Wed, 12 Dec 2018 15:36:09 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 58B736A9FB; Wed, 12 Dec 2018 15:36:09 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from ogg.in.absolight.net (ogg.in.absolight.net [IPv6:2a01:678:ab:50::42:42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: mat/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 91DA26764; Wed, 12 Dec 2018 15:36:08 +0000 (UTC) (envelope-from mat@FreeBSD.org) Date: Wed, 12 Dec 2018 16:36:06 +0100 From: Mathieu Arnold To: Matthew Seaman Cc: Mathieu Arnold , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r487286 - head/security/vuxml Message-ID: <20181212153606.6tqrvu5v275mqysv@ogg.in.absolight.net> References: <201812120916.wBC9G4Y0075539@repo.freebsd.org> <20181212095700.wn4csjwred4gugme@atuin.in.mat.cc> <5db2345e-c8c0-1b2a-0d3f-40af99219cd4@FreeBSD.org> <20181212103051.xpzsfs3s3mvx2fj5@atuin.in.mat.cc> <3d70d3fe-0c5d-c6aa-c8af-68d3eb1adbc9@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="w6qvlpnbzlx7quok" Content-Disposition: inline In-Reply-To: <3d70d3fe-0c5d-c6aa-c8af-68d3eb1adbc9@FreeBSD.org> User-Agent: NeoMutt/20180622 X-Rspamd-Queue-Id: 58B736A9FB X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-4.94 / 15.00]; NEURAL_HAM_SHORT(-0.94)[-0.941,0]; REPLY(-4.00)[] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Dec 2018 15:36:10 -0000 --w6qvlpnbzlx7quok Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 12, 2018 at 10:57:12AM +0000, Matthew Seaman wrote: > On 12/12/2018 10:30, Mathieu Arnold wrote: > > On Wed, Dec 12, 2018 at 10:26:29AM +0000, Matthew Seaman wrote: > > > On 12/12/2018 09:57, Mathieu Arnold wrote: > > > > On Wed, Dec 12, 2018 at 09:16:04AM +0000, Matthew Seaman wrote: > > > > > Author: matthew > > > > > Date: Wed Dec 12 09:16:04 2018 > > > > > New Revision: 487286 > > > > > URL: https://svnweb.freebsd.org/changeset/ports/487286 > > > > >=20 > > > > > Log: > > > > > PHP 70 was EoL'd and is no longer in the ports. > > > > > Reported by: joneum > > > >=20 > > > > No longer in trunk, still in the quarterly, please put it back. > > > >=20 > > >=20 > > > It's been put back now. > >=20 > > As a side note, the descriptions in vuxml are not about what currently > > exists, it is about what once existed, so technically, even in two > > years, when recording a flavored php app, one should still mention all > > the previous package names, so that people with old ports tree who have > > not been updated in a while still get a notification that this app is > > vulnerable to something. >=20 > How far back should we take this? >=20 > Is there any limit on how old a ports tree and the packages installed from > it can be and still be expected to be supported by VuXML? Other than the > practical limitation of 'pkg audit' or some equivalent being available? There is technically no limit on how far back this should go, people often only upgrade when really required to. But to stay practical, trying to keep a few months of old package names, so that anything in at least the current quarterly still matches. --=20 Mathieu Arnold --w6qvlpnbzlx7quok Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEOraXidLtEhBkQLpbOkUW81GDzkgFAlwRKuZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNB QjY5Nzg5RDJFRDEyMTA2NDQwQkE1QjNBNDUxNkYzNTE4M0NFNDgACgkQOkUW81GD zkgJng//WzJWWeiZcgNTI1csZEXLkq8PUtN/pgnsW6nzeOKXLDuXhnRixPNzJA2X oHGQpalvPSQJ8RItmzbJOzoPDRogiA/Y8F3NaY9k5UfAr6RiaU+gZUr9R/qmY84n oDzoyKFLnv7HHXfAvndUgcGCIF9ZyEhgAG07L3UcVxM40THWSAzWEMaM7GIqn31Y qTGh7/9GNqhu6YvQHghyhljgUE5y7ds7On1vNoBDSLZ1/a7RWc4PoZV9/6PzAoFC QxafpuXbmjfdMuoWzws7fHh67r2v4pBSAfBgCKKDxf6NfxJIXky4snV77dFA8f6L HirnCGu0GJGsxsCFEMuJHRSNr5m1CT7i6lRAmsdewpz/d4qToA+shq00bnWIsrl1 c1RCCAUKtE5ryVvXHeP2g9XA7ZBkUH1HnRLy1x1ommF5HMmKE/7hbL6FKJePRDkU yVDVnQvYPZUOrDVi9RiRf5uqWPMrbQq8rq60wMrfS+B+/viGNXXYmYjVnmROKRhx +/Sq4OMjVAeqF1wT4eIXIiiJZFPYwC/c63icSew0E/kxIICXaUGREeokiTBER+yh sk/UQTI/WBVINcGdstw/LU9rwWnxpw2g5HW+gdr4bXLUiti8UrFWa2TSgndtneCc BngQtoxcC06lDu5dRDXkj14jFbiF5FYGd4Ve/vPY4s5Bsg4dg/c= =6R1J -----END PGP SIGNATURE----- --w6qvlpnbzlx7quok--