From owner-cvs-ports@FreeBSD.ORG Tue Sep 26 17:38:02 2006 Return-Path: X-Original-To: cvs-ports@freebsd.org Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A7A916A403 for ; Tue, 26 Sep 2006 17:38:02 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B50343D5C for ; Tue, 26 Sep 2006 17:37:53 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by py-out-1112.google.com with SMTP id i75so2807130pye for ; Tue, 26 Sep 2006 10:37:52 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=on9OiQ8rwV7iWhjzIN5AnV/uqYg2vMBg0IVBBQNk02bMpWkVK5DekMROix3ku8D2lp7YSJtGXnByYE58/YpOqAdSTXkOvmZ7fxBUTp13/c2t1NMyBq2cWtLDH9w5zNQ7TC5keWZe7oNTiS3H0W9onarX2Gohc9Gc94M7Kbkvypc= Received: by 10.35.82.15 with SMTP id j15mr1250894pyl; Tue, 26 Sep 2006 10:37:52 -0700 (PDT) Received: by 10.35.119.12 with HTTP; Tue, 26 Sep 2006 10:37:52 -0700 (PDT) Message-ID: Date: Tue, 26 Sep 2006 21:37:52 +0400 From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "Simon L. Nielsen" In-Reply-To: <20060926165741.GA8931@zaphod.nitro.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200609260527.k8Q5RG9C078413@repoman.freebsd.org> <20060926165741.GA8931@zaphod.nitro.dk> X-Google-Sender-Auth: e0a101c99486ec9f Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: infofarmer@FreeBSD.org List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2006 17:38:02 -0000 On 9/26/06, Simon L. Nielsen wrote: > On 2006.09.26 05:27:16 +0000, Andrew Pantyukhin wrote: > > sat 2006-09-26 05:27:16 UTC > > > > FreeBSD ports repository > > > > Modified files: > > security/vuxml vuln.xml > > Log: > > - Update the unace advisory > > Why did you add the Secunia advisory in the body? Isn't it just > different wording for the same issues? The original advisory is only for 1.x. Secunia added some info about 2.x. > Also, it's generally a bad idea to use if the port isn't fixed > since you risk someone bumping port reversion etc. and therefor > marking the port as fixed when it really isn't. I understand. I used because (1) this is a binary port and there won't be a patch and a bump, so version+bump does not make sense, (2) the bug has been confirmed in <=2.5 only, and winace team is not very public about security fixes, (3) I'm the maintainer and I think the port has outlived its usefulness, so I scheduled it for removal in a month unless we are surprised by a brand new unace binary. If you think that 0 or something like that is better, please tell me and I'll fix the advisory. Thanks!