From owner-freebsd-pkg@freebsd.org Fri Aug 11 15:14:33 2017 Return-Path: Delivered-To: freebsd-pkg@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9D6D2DD5288; Fri, 11 Aug 2017 15:14:33 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from smtp-out.elvandar.org (gandalf.elvandar.org [149.210.225.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 40F3F76269; Fri, 11 Aug 2017 15:14:32 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from mail1.elvandar.org (mail1.elvandar.org [IPv6:2001:470:d701::3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-out.elvandar.org (Postfix) with ESMTPS id 0C0E44707BD; Fri, 11 Aug 2017 17:14:29 +0200 (CEST) Received: from [10.0.2.17] (f239026.upc-f.chello.nl [80.56.239.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail1.elvandar.org (Postfix) with ESMTPSA id 45B7620C39; Fri, 11 Aug 2017 17:14:28 +0200 (CEST) From: Remko Lodder Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: pkg audit false negatives Date: Fri, 11 Aug 2017 17:14:28 +0200 In-Reply-To: Cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org To: Roger Marquis References: X-Mailer: Apple Mail (2.3273) X-Rspamd-Queue-Id: 0C0E44707BD X-Spamd-Result: default: False [-6.43 / 15.00] RCVD_NO_TLS_LAST(0.00)[] HAS_ATTACHMENT(0.00)[] RCVD_COUNT_TWO(0.00)[2] FROM_HAS_DN(0.00)[] DMARC_NA(0.00)[FreeBSD.org] BAYES_HAM(-3.00)[100.00%] RCPT_COUNT_THREE(0.00)[3] MV_CASE(0.50)[] R_SPF_SOFTFAIL(0.00)[~all] TO_DN_SOME(0.00)[] MID_RHS_MATCH_FROM(0.00)[] TO_MATCH_ENVRCPT_ALL(0.00)[] RCVD_VIA_SMTP_AUTH(0.00)[] ARC_NA(0.00)[] ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] FROM_EQ_ENVFROM(0.00)[] RECEIVED_SPAMHAUS(0.00)[26.239.56.80.zen.spamhaus.org] IP_SCORE(-3.73)[ip: (-8.76), ipnet: 2001:470::/32(-6.86), asn: 6939(-2.29), country: US(-0.74)] MIME_GOOD(-0.20)[multipart/signed,text/plain] R_DKIM_NA(0.00)[] X-Rspamd-Server: mx2.jr-hosting.nl X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2017 15:14:33 -0000 --Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Roger, > On 11 Aug 2017, at 04:41, Roger Marquis wrote: >=20 > In the past pkg-audit and even pkg-version have not been reliable = tools > where installed ports or packages have been subsequently discontinued = or > renamed. Today, however, I notice that dovecot2 is still showing up = in > the output of pkg-version despite the port having been renamed to > dovecot (without the numeric suffix) several days ago. Yes, there is a difference between renaming a port, and renaming the = vuxml (which is the database behind pkg audit etc.) entries. The entries are listed as = =E2=80=98dovecot2-*=E2=80=99 there and when renaming a port these entries should ideally be renamed too. It seems that that was not under consideration at the name change = moment(s). I=E2=80=99ll try to look into this (starting by prodding the person(s) = who did the rename) and asking them to rename the entries in vuxml as well. >=20 > Does this mean there has been a policy change? If so does it cover > pkg-audit as well? There had been no policy change. The application backend is just = matching on what was recorded at the moment it was added. Thanks for the notification though, we should add that to the = porters-handbook. Cheers REmko >=20 > Roger > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org" --Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZjcnUAAoJEHE1jtY/d0B5a7wP/jwjkobRgj1I4m471O5zFjEk h/gWhQlALUQSEOO2R/s4UlQDVDtbq4y+4IW0NVGBjps5JiYF8IQNMLtdhsM59TU+ XyQ+qLJKecTCX/pxIdgHg0ZwMnl5mvtozixMR41DVVHogxfaPjyiH0YhHBz0VMhG Q6P9sqY0N1aTBEg60yd0BB5zJ5OY4N3MX+sODxDif114RHly5codset2HRnESUhm Isv7bBw0463M2zjOHE94NuAJy7/bkep6IZ7HjyWAy6yBcIQ9AlHq9LzKvIlL7cZ4 ZBsbHQH7/4jwBzEZYJhu9mIyQn2nCHtmaFEyNpyhghBf/wms0p8y6X/shkLty/HP KaFGZ67azT0mtDR7XCrlNm3ciHeCC/xBWA9LVna+JFNuO5k2UKZn8wTYe34Ix+jl AVuPs2YvWFPrEtvOyi3rvlRABYajYr3pYZjDXZAnS0HBfxQcOAUlTljudoyJv/IV zn0raWOKKGsICYqn0ZndN3LOL6NmLXfZAR8+o6DzP5NCn3zMgNudK7y38uiAcTTy jeLW+O2Eeh+doxW5pHRJQqcjmE/ukZ8kksYankZpScX5joU6DO+XhvmaMH+6pVJ+ dqw9iX4FiW5rrCiIRgsprLl3eFDn67tzM+n7n5yaNlw9ICk2n12BK28K8iqOi5Ct /FCTg4Z5AiqNuCvh23uH =QAqC -----END PGP SIGNATURE----- --Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC--