From owner-cvs-all@FreeBSD.ORG Tue Jun 8 08:58:41 2004 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 86FDA16A4CE; Tue, 8 Jun 2004 08:58:41 +0000 (GMT) Received: from www.russia.cz (mail.russia.cz [195.70.151.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id ACF0943D39; Tue, 8 Jun 2004 08:58:40 +0000 (GMT) (envelope-from sobomax@portaone.com) Received: from portaone.com (localhost [127.0.0.1]) (authenticated bits=0) by www.russia.cz (8.12.8p2/8.12.8) with ESMTP id i588wcI6050983; Tue, 8 Jun 2004 10:58:38 +0200 (CEST) (envelope-from sobomax@portaone.com) Message-ID: <40C57FAE.3080202@portaone.com> Date: Tue, 08 Jun 2004 11:58:22 +0300 From: Maxim Sobolev User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en, ru, uk MIME-Version: 1.0 To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= References: <200406080627.i586RiBi065038@repoman.freebsd.org> <40C5633D.50204@portaone.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit cc: cvs-ports@FreeBSD.ORG cc: cvs-all@FreeBSD.ORG cc: ports-committers@FreeBSD.ORG Subject: Re: cvs commit: ports/devel/pwlib Makefile ports/devel/pwlib/files ports/net/asterisk Makefile X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jun 2004 08:58:41 -0000 Dag-Erling Smørgrav wrote: > Maxim Sobolev writes: > >>Dag-Erling Smørgrav wrote: >> >>>Maxim Sobolev writes: >>> >>>> No reply from: security-officer >>> >>>What kind of reply were you expecting? >> >>I was expecting sort of approval. > > > You're a member of portmgr, and shouldn't need anyone's approval to > commit to the ports tree, especially when the issue is already public. Since it was known security problem and I wanted to commit a fix, I expected that security officers would want to review the fix. >>>BTW, could you please add a vuln.xml entry for this? >> >>Yes, I can, but what exactly should I add? > > > Look at what's already there; it should briefly describe the bug, > specify which versions are affected, and provide references to vendor > information. The bug ID is a DCE UUID, which you can generate with > uuidgen(1). What should I do if I have committed a fix to a vulnerability already documented in vuln.xml? BTW, it probably would be nice if you can document it either in Committer's Handbook or Porter's Handbook. -Maxim