Date: Tue, 24 Apr 2001 13:06:27 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Sean Chittenden <sean@chittenden.org> Cc: "Bruce A. Mah" <bmah@FreeBSD.ORG>, Kris Kennaway <kris@obsecurity.org>, Calvin NG <calvinng@brel.com>, Sean Chittenden <sean-freebsd-stable@chittenden.org>, Jeff Kletsky <Jeff+freebsd@wagsky.com>, freebsd-stable@FreeBSD.ORG Subject: Re: pkg_version perl hacker project Message-ID: <20010424130627.B91239@xor.obsecurity.org> In-Reply-To: <20010424125858.M19530@rand.tgd.net>; from sean@chittenden.org on Tue, Apr 24, 2001 at 12:58:58PM -0700 References: <Pine.BSF.4.21.0104230806060.27435-100000@wildside.wagsky.com> <20010423231827.A19530@rand.tgd.net> <20010424142340.E5216@brel.com> <20010424014833.B19530@rand.tgd.net> <20010424120052.H89156@xor.obsecurity.org> <200104241907.f3OJ7u103414@bmah-freebsd-0.cisco.com> <2001@=> <20010424125858.M19530@rand.tgd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--4bRzO86E/ozDv8r1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 24, 2001 at 12:58:58PM -0700, Sean Chittenden wrote: > =09 >=20 > On Tue, Apr 24, 2001 at 12:07:56PM -0700, Bruce A. Mah wrote: > > Think about where to put the parsed set of vulnerable packages. >=20 > With this comment, I'm lead to believe that there is no > central place where ports that have been marked as FORBIDDEN resides. > Fact or fiction? Would anyone object to a new ports top level > directory called one of the following (or any combination thereof): FORBIDDEN ports are transitory; once they're fixed, the tag goes away, but the old version of the package still is insecure. People may also not have the ports collection installed at all; they still can be installing vulnerable packages. The only permanent repository of this information is the security advisories which are archived on the FTP site. Kris --4bRzO86E/ozDv8r1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE65dzDWry0BWjoQKURAtaMAJ4nq484W+kzGt4zzYVN8lxGhejECwCdEyoO JB52U+TdXjN7TP4oBrap+oM= =piyv -----END PGP SIGNATURE----- --4bRzO86E/ozDv8r1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010424130627.B91239>