Date: Mon, 16 Aug 2004 18:36:40 +0200 From: Oliver Eikemeier <eikemeier@fillmore-labs.com> To: "Jacques A. Vidrine" <nectar@FreeBSD.org> Cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml Message-ID: <730CE1BB-EFA2-11D8-924A-00039312D914@fillmore-labs.com> In-Reply-To: <20040816145901.GB5482@lum.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jacques A. Vidrine wrote: > [...] > > You keep making this assertion, but you have not given any details. > What gives? For example, why have you duplicated the following entry: > > in ports/security/vuxml/vuln.xml > ``acroread uudecoder input validation error'' > http://vuxml.freebsd.org/78348ea2-ec91-11d8-b913-000c41e2cdad.html > > in ports/security/portaudit-db/database/portaudit.xml > ``Acrobat Reader handling of malformed uuencoded pdf files'' > > http://people.freebsd.org/~eik/portaudit/ab166a60-e60a-11d8-9b0a-000347a4fa7d. > html > > What is it about the original entry that does not "work with portaudit"? I made the entry Aug 4 2004 11:43:15 UTC: <http://cvsweb.freebsd.org/ports/security/portaudit- db/database/portaudit.txt#rev1.69> You've added a copy Aug 12 2004 19:05:51 UTC: <http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml#rev1.168>; > This is particularly confusing because you somehow claim that the > original entry is "superseded" by yours. > > > http://people.freebsd.org/~eik/portaudit/78348ea2-ec91-11d8-b913-000c41e2cdad. > html > > Why didn't you simply correct the original entry if there is a problem? I decided to mark yours as a duplicate of my entry made eight days before. I try to keep portaudit references permanent. > What are you trying to accomplish, Oliver? I would really like to know > because clearly this situation is not good for our community. A correctly working port auditing system, where users are timely warned of possible vulnerabilities in their installed software. While it might be acceptable when a documentation sometimes leaves out a PORTEPOCH or has false positives for a couple of days, I consider this highly problematic for portaudit and try to fix these things ASAP. What are you trying to accomplish? -Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?730CE1BB-EFA2-11D8-924A-00039312D914>