Date: Thu, 18 Mar 2004 07:59:57 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Tobias Roth <roth@iam.unibe.ch>
Cc: security@freebsd.org
Subject: Re: portaudit
Message-ID: <20040318135957.GC11791@lum.celabo.org>
In-Reply-To: <20040318082810.GA21089@speedy.unibe.ch>
References: <20040317070051.GC716@cowbert.2y.net> <20040318082810.GA21089@speedy.unibe.ch>

On Thu, Mar 18, 2004 at 09:28:10AM +0100, Tobias Roth wrote:
> On Wed, Mar 17, 2004 at 02:00:51AM -0500, Peter C. Lai wrote:
> > <snip>
> > Seeing as
> > the security officer apparently (without announcement) no longer issues
> > security notices (SNs) for ports
> <snip>
>
> is this true? no more advisories concerning ports?

Advisories concerning ports have not been published for about two
years. Most ports issues were very minor, and we wished to reserve
advisories for issues affecting all FreeBSD systems--- i.e., software
in the base system.

The Security Notices were experimentally published to help keep users
informed about non-FreeBSD vulnerabilities in packages in the Ports
Collection. However, I am sorry to say, that the experiment failed:
there were few contributions to security notices, and I was not able
to effectively produce them on my own.

Thus, I recently created the Vulnerabilities and eXposures Markup
Language (VuXML), a format for documenting the vulnerabilities in a
software collection such as the FreeBSD Ports Collection. Any ports
committer may create entries; any FreeBSD contributor may send-pr
entries. Over time, it is expected that ports maintainers will be
primarily responsible for tracking security issues in their ports,
although the security officer will always act as `Editor' and often
add entries also. In this fashion, we should be able to keep users
informed of issues in all of our 10,000+ ports.

There is still some tweaking going on, but VuXML (and any tools using
it, like `portaudit') will be featured in an `official' announcement
within a few weeks.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org