From owner-cvs-ports@FreeBSD.ORG Tue Sep 26 18:57:54 2006 Return-Path: X-Original-To: cvs-ports@freebsd.org Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C3BE16A4A0 for ; Tue, 26 Sep 2006 18:57:54 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE1CD43DA9 for ; Tue, 26 Sep 2006 18:57:34 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by py-out-1112.google.com with SMTP id o67so3031557pye for ; Tue, 26 Sep 2006 11:57:34 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Ai2zGF1Nrx4THIJQ5fRUW7maC+T/9lyV6otoib8GmKVYiUp1qgASjz8esd6e7YnjlVAKZJ8pMXMSCDSApV2mXtfEkgZS7V/DSa7ee5mjlqmzvAIpOctBv05pnufThtcIZc4yGP4OgbZ8sKLPVsgPxa/9RppnsHOVMk6tYWhayUE= Received: by 10.35.80.20 with SMTP id h20mr1410333pyl; Tue, 26 Sep 2006 11:57:33 -0700 (PDT) Received: by 10.35.119.12 with HTTP; Tue, 26 Sep 2006 11:57:33 -0700 (PDT) Message-ID: Date: Tue, 26 Sep 2006 22:57:33 +0400 From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "Simon L. Nielsen" In-Reply-To: <20060926182244.GD8931@zaphod.nitro.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200609260527.k8Q5RG9C078413@repoman.freebsd.org> <20060926165741.GA8931@zaphod.nitro.dk> <20060926182244.GD8931@zaphod.nitro.dk> X-Google-Sender-Auth: 1010c985a0d39688 Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2006 18:57:54 -0000 On 9/26/06, Simon L. Nielsen wrote: > On 2006.09.26 21:37:52 +0400, Andrew Pantyukhin wrote: > > On 9/26/06, Simon L. Nielsen wrote: > > >On 2006.09.26 05:27:16 +0000, Andrew Pantyukhin wrote: > > >> sat 2006-09-26 05:27:16 UTC > > >> > > >> FreeBSD ports repository > > >> > > >> Modified files: > > >> security/vuxml vuln.xml > > >> Log: > > >> - Update the unace advisory > > > > > >Why did you add the Secunia advisory in the body? Isn't it just > > >different wording for the same issues? > > > > The original advisory is only for 1.x. Secunia added some info > > about 2.x. > > OK. I think the first two paragraph's could just have been ommitted > from the Secunia blockquote to avoid too much duplicated info. > > > >Also, it's generally a bad idea to use if the port isn't fixed > > >since you risk someone bumping port reversion etc. and therefor > > >marking the port as fixed when it really isn't. > > > > I understand. I used because (1) this is a binary port and > > there won't be a patch and a bump, so version+bump > > does not make sense, (2) the bug has been confirmed in <=2.5 > > only, and winace team is not very public about security fixes, > > (3) I'm the maintainer and I think the port has outlived its > > usefulness, so I scheduled it for removal in a month unless > > we are surprised by a brand new unace binary. > > > > If you think that 0 or something like that is better, please > > tell me and I'll fix the advisory. > > I agree that it probably isn't a problem, but I prefer better safe > than sorry. Wrt. (1) above there could still be a patch level bump in > theory due to other problems issues e.g. something in the port > infrastructure which caused patch level to be bumped (not really a > problem here due to (3), but still). > > So, I prefer if this was changes, also in case people look at the > entry at a later point then it's better to have a good example :-). Done, thanks!