Date: Sun, 14 Nov 2004 19:13:14 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Matthias Andree <ma@dt.e-technik.uni-dortmund.de> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: New 5.x packages uploaded Message-ID: <20041115031314.GA43451@xor.obsecurity.org> In-Reply-To: <m3d5yfvmjk.fsf@merlin.emma.line.org> References: <20041115005016.GA4384@xor.obsecurity.org> <m3d5yfvmjk.fsf@merlin.emma.line.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--1yeeQ81UyVL57Vl7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 15, 2004 at 04:06:07AM +0100, Matthias Andree wrote: > Kris Kennaway <kris@obsecurity.org> writes: >=20 > > I've uploaded new packages for 5.3-stable; they'll make their way onto > > the ftp mirrors over the next day or so. Included are the new > > versions of GNOME and KDE, among others. >=20 > BTW, are we getting long-standing security issues in ports fixed, for > instance cups-base, open-motif, others? Yeah I know send patches, but my > ressources are limited and committers are also overworked already... >=20 > The general question I'd like to raise is how long will we allow ports > with known security flaws linger around before they are marked BROKEN? In general serious security flaws should be marked FORBIDDEN immediately, and they generally are. Fixing the security issues is up to the community. Kris --1yeeQ81UyVL57Vl7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBmB7KWry0BWjoQKURAgVCAJ44n/aXhwM5nH3ahQ3/xvFXO6rSBgCeM49S ym/iyWPMXZJOwiFWQdGC/bI= =eJRk -----END PGP SIGNATURE----- --1yeeQ81UyVL57Vl7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041115031314.GA43451>