Date: Sun, 2 May 2004 14:36:07 -0500
From: "Jacques A. Vidrine"
To: Xin LI
Cc: freebsd-security@FreeBSD.org
Subject: Re: What's our current policy on ports FORBIDDEN knob?
Message-ID: <20040502193607.GB33431@madman.celabo.org>
In-Reply-To: <20040502172910.GA775@frontfree.net>

On Mon, May 03, 2004 at 01:29:10AM +0800, Xin LI wrote:
> Greetings,
>
> I'm a little curious about the way the FORBIDDEN knob is used in the ports system.
> Traditionally, we use it to mark a port which has a known security issue,
> with the new vuxml mechanism, are we still doing the same thing when
> necessary?  Or, only the "critical" ones, for example, remotely exploitable
> buffer overruns, etc?
>
> If the second assumption (only critical ones are marked FORBIDDEN)
> is true, then what's our criteria of what should be marked FORBIDDEN
> or not?  Say, how serious a bug should be before a port is marked
> FORBIDDEN?
>
> Someone who knows about these things please clarify this.  Thanks in advance!

The VuXML document is used to record practically all security issues,
large or small.  FORBIDDEN is more subjective.  Personally, I mark
a port FORBIDDEN if I believe it presents immediate danger to users.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org