From owner-freebsd-security@FreeBSD.ORG Wed Jun 10 07:07:45 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 801F6925 for ; Wed, 10 Jun 2015 07:07:45 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-wg0-x22f.google.com (mail-wg0-x22f.google.com [IPv6:2a00:1450:400c:c00::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1615E10E2 for ; Wed, 10 Jun 2015 07:07:45 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: by wgv5 with SMTP id 5so28337807wgv.1 for ; Wed, 10 Jun 2015 00:07:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=G1EPSctP7wbmPbZEXphTZ5Z+CeaS3KcgE6RZlk8gfxo=; b=ZxoA788/BUXKCtRuIjSU3xJbaXdP9odWO9jlQMaZkID0LuMSl8pdLD4yml8S90lfy9 LderyounvWZBN5iQ/iUphMTYNrgK7xMt8eH+EB5mhzPwG6tVoAKx7Wo7XAIBi7tP6avb 2Hxb2apxPvvIKALOfejFhrMUpezf7IS+qZmGk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=G1EPSctP7wbmPbZEXphTZ5Z+CeaS3KcgE6RZlk8gfxo=; b=WSJsqM8AulIlYGal+/8QJb1dTMN5V/vqrcq47zSX1YqezW7js7GAoqwUyDZYajTz4r Q5APTRz7xhIe7deRN152HuK4lIdxA6zjf5CRVq7JfcRz0uTjkcBF33zFo5bYS3md8W9R BRI3NKfVLWad4NytEHEssA3CY4Nt1EUDEK3onouc+JQ9Xlcl9UeKw31mJaAMHpyhHeq8 pJ1thlOA3QxfUheA8DmsY+VXcSvN0kdsyTr4WSKJt7UjUQnEkyxjIBQM5NRkyayUozyO /VJYuLV+GD0mzRy4tdVEzNusYTTy0aiX6pW0SRvOurNUrcuqriJs+jD7344B+jVmOM0W jEtg== X-Gm-Message-State: ALoCoQkDeKY7dmWskjuVp5SuA3LRgSvFC77XeN8lqJJeRdaSDP39LzdfG/XnvJ6mRqeAke9Zz3Mk X-Received: by 10.181.13.172 with SMTP id ez12mr5181695wid.91.1433920063255; Wed, 10 Jun 2015 00:07:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.65.85 with HTTP; Wed, 10 Jun 2015 00:07:12 -0700 (PDT) In-Reply-To: <1433914224.244626.291502609.0C780DD0@webmail.messagingengine.com> References: <557625CA.8030206@delphij.net> <1433914224.244626.291502609.0C780DD0@webmail.messagingengine.com> From: Eitan Adler Date: Wed, 10 Jun 2015 00:07:12 -0700 Message-ID: Subject: Re: Ports Secteam To: Mark Felder Cc: "freebsd-security@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2015 07:07:45 -0000 On 9 June 2015 at 22:30, Mark Felder wrote: > > How do we make the ports-secteam effective again? Team members? > Infrastructure? New documentation and procedures? ports-secteam's scope has grown since it was created. The team needs new, active, members to be able to deal with the VuXML and quarterly branch portion of its work. We also need to creating tooling to make this easier: for instance it would be really awesome to automatically create VuXML entries from CVE/CPE data. > However, I'm not sure > "number of commits" is necessarily a valuable metric when considering > candidates... I agree. I *am* active as a ports-security member: I monitor relevent open & closed security lists for concerns that may affect FreeBSD. In addition I watch pkgng development for new security concerns. That said, I havn't committed to the ports tree very much lately. -- Eitan Adler