From owner-cvs-ports@FreeBSD.ORG Thu Aug 5 14:57:46 2004 Return-Path: Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 55A7D16A4CE; Thu, 5 Aug 2004 14:57:46 +0000 (GMT) Received: from fillmore.dyndns.org (port-212-202-50-15.dynamic.qsc.de [212.202.50.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id DFFC843D54; Thu, 5 Aug 2004 14:57:45 +0000 (GMT) (envelope-from eikemeier@fillmore-labs.com) Received: from dhcp-11.local ([172.16.0.11]) by fillmore.dyndns.org with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 4.41 (FreeBSD)) id 1Bsjge-000GTZ-1D; Thu, 05 Aug 2004 16:57:45 +0200 Date: Thu, 5 Aug 2004 16:59:10 +0200 Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v482) To: dirk.meyer@dinoex.sub.org (Dirk Meyer) From: Oliver Eikemeier In-Reply-To: Message-Id: <01FE6C57-E6F0-11D8-9C56-00039312D914@fillmore-labs.com> Content-Transfer-Encoding: 7bit User-Agent: KMail/1.5.9 cc: cvs-ports@FreeBSD.org cc: cvs-all@FreeBSD.org cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/portaudit-db/database portaudit.txt X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Aug 2004 14:57:46 -0000 Dirk Meyer wrote: > Oliver Eikemeier schrieb:, > >> Btw, both files >> security/vuxml/vuln.xml >> and >> security/portaudit-db/database/portaudit.txt >> can be modified by every committer without approval of the maintainers >> of the respective ports. Perhaps they should be moved to a more >> prominent place, or this should be stated more clearly in the Porters >> Handbook / comments in the respective files. > > The "Porters Handbook" has a diffrent statement on this: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters- > handbook/security-notify.html > > -------------------- > 16.3.4 If VuXML still scares you... > > As an easy alternative to writing VuXML, you may opt to add a single > line > to a different file with much simpler syntax, > PORTSDIR/security/portaudit- > /database/portaudit.txt, which resides within the port > security/portaudit-db, > and send a request for review to the Security Officer Team as described > on the FreeBSD Security Information page. > > -------------------- > > This I read as "Approval by Security Officer" needed. It should read `add a single line [...], and *then* send a request for review'. Since I participated in writing this chapter (although the credits for doing most if the work should go to Yar Tikhiy ), and this is *my* file I should know... -Oliver