From owner-freebsd-vuxml@FreeBSD.ORG Mon Sep 13 19:05:29 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E79416A4CE for ; Mon, 13 Sep 2004 19:05:29 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 446B743D1F for ; Mon, 13 Sep 2004 19:05:29 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id B754854887; Mon, 13 Sep 2004 14:05:28 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 42182-01; Mon, 13 Sep 2004 14:05:18 -0500 (CDT) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id 06B7D5485D; Mon, 13 Sep 2004 14:05:18 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id C6D2B6D466; Mon, 13 Sep 2004 14:05:09 -0500 (CDT) Date: Mon, 13 Sep 2004 14:05:09 -0500 From: "Jacques A. Vidrine" To: Dan Langille Message-ID: <20040913190509.GK71191@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Dan Langille , freebsd-vuxml@freebsd.org References: <20040913123610.G22240@xeon.unixathome.org> <20040913174748.GC71191@madman.celabo.org> <20040913135431.F22240@xeon.unixathome.org> <20040913183627.GG71191@madman.celabo.org> <20040913144103.U22240@xeon.unixathome.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040913144103.U22240@xeon.unixathome.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: freebsd-vuxml@freebsd.org Subject: Re: Matching a name to a port X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Sep 2004 19:05:29 -0000 On Mon, Sep 13, 2004 at 02:56:10PM -0400, Dan Langille wrote: > FreshPorts knows nothing about ImageMagick-nox11 because there is no such > port. It knows only about ImageMagick, against which commits are made. > > Proposed approach for FreshPorts: I think FreshPorts will ignore package > entries for which it cannot find a corresponding port. If all packages > for a vuln fail to relate to a port, that will be something which > justifies further investigation. I think that is a reasonable approach. [...] > Yep, I've had them in mind too, and was wondering how they did it. They > have the advantage of a list of installed packages/ports. FreshPorts does > not. I now think that's OK. Right, they are looking either at already-installed packages, or perhaps at about-to-be-installed packages. In both cases, the actual package name is already available. [...] > FreshPorts has never stored that information. I see now that it will have > to. With luck, this information will be pretty static over the life of a > port and everything will just fall into place with respect to historical > entries. /me crosses fingers :-) [...] > > I'm not sure what you mean :-( Maybe you mean once you have the package > > names correlated to port names within FreshPorts, later moves will be > > "caught" automatically? > > Yes. It's hard to phrase. For example, you can view deleted ports in > FreshPorts, which will retain the history. OK, I think I follow. Thanks!! Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org