Date: Tue, 08 Jun 2004 11:58:22 +0300 From: Maxim Sobolev <sobomax@portaone.com> To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no> Cc: ports-committers@FreeBSD.ORG Subject: Re: cvs commit: ports/devel/pwlib Makefile ports/devel/pwlib/files ports/net/asterisk Makefile Message-ID: <40C57FAE.3080202@portaone.com> In-Reply-To: <xzp4qpm1nzs.fsf@dwp.des.no> References: <200406080627.i586RiBi065038@repoman.freebsd.org> <xzp8yeypnes.fsf@dwp.des.no> <40C5633D.50204@portaone.com> <xzp4qpm1nzs.fsf@dwp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smørgrav wrote: > Maxim Sobolev <sobomax@portaone.com> writes: > >>Dag-Erling Smørgrav wrote: >> >>>Maxim Sobolev <sobomax@FreeBSD.org> writes: >>> >>>> No reply from: security-officer >>> >>>What kind of reply were you expecting? >> >>I was expecting sort of approval. > > > You're a member of portmgr, and shouldn't need anyone's approval to > commit to the ports tree, especially when the issue is already public. Since it was known security problem and I wanted to commit a fix, I expected that security officers would want to review the fix. >>>BTW, could you please add a vuln.xml entry for this? >> >>Yes, I can, but what exactly should I add? > > > Look at what's already there; it should briefly describe the bug, > specify which versions are affected, and provide references to vendor > information. The bug ID is a DCE UUID, which you can generate with > uuidgen(1). What should I do if I have committed a fix to a vulnerability already documented in vuln.xml? BTW, it probably would be nice if you can document it either in Committer's Handbook or Porter's Handbook. -Maxim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40C57FAE.3080202>