From owner-freebsd-doc@FreeBSD.ORG Sat Aug 12 11:48:26 2006 Return-Path: X-Original-To: freebsd-doc@freebsd.org Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D916316A4DD for ; Sat, 12 Aug 2006 11:48:26 +0000 (UTC) (envelope-from ady@fwd.ady.ro) Received: from nf-out-f131.google.com (nf-out-f131.google.com [64.233.182.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id AAA0943D5E for ; Sat, 12 Aug 2006 11:48:12 +0000 (GMT) (envelope-from ady@fwd.ady.ro) Received: by nf-out-f131.google.com with SMTP id l6so58183nfa for ; Sat, 12 Aug 2006 04:48:11 -0700 (PDT) Received: by 10.78.127.6 with SMTP id z6mr2555780huc; Sat, 12 Aug 2006 04:48:10 -0700 (PDT) Received: by 10.78.159.8 with HTTP; Sat, 12 Aug 2006 04:48:10 -0700 (PDT) Message-ID: <9e01a0da0608120448t7a82d8b9y8379a194d8d14a52@mail.gmail.com> Date: Sat, 12 Aug 2006 14:48:10 +0300 From: "Adrian Penisoara" Sender: ady@fwd.ady.ro To: "Simon L. Nielsen" In-Reply-To: <20060812112024.GA1076@zaphod.nitro.dk> MIME-Version: 1.0 References: <20060810132435.GB2636@rabbit> <44DB9955.10102@FreeBSD.org> <20060810204943.GG2164@rabbit> <9e01a0da0608110010nb48e90fra21f149b836d32fa@mail.gmail.com> <20060812112024.GA1076@zaphod.nitro.dk> X-Google-Sender-Auth: 1784d768a9642a9d Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org, freebsd-doc@freebsd.org Subject: Re: Ports security [was: Ports/source dance] X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2006 11:48:26 -0000 Hi, On 8/12/06, Simon L. Nielsen wrote: > > > > > What would the FreeBSD security officer say about this ? > > I was not on freebsd-isp, so I hadn't seen the start of this thread. > > Ports security issues should go to either freebsd-ports@, > freebsd-security@, or directly to the FreeBSD Security Team at > secteam@FreeBSD.org, if you want to catch the attention of the > Security Team. > > I don't currently see enough volume with regards to ports security > issues to warrant a separate mailing list. I think using > freebsd-security@ should be fine, and we can always create a new list > if needed. > > With regards to a separate security team for ports, it has been > discussed in the past, but so far hasn't been created mainly since it > haven't been a problem for secteam members working on ports just being > part of the "normal" secteam, while only/mostly working on ports > issues. > > It would be very nice if more people helped out with the ports side of > FreeBSD security, but when we had the last call for volunteers among > committers there weren't a lot of people volunteering to help out with > ports as part of the Security Team. > > That said, it's certainly no requirement to be a committer or to be > part of secteam to help out. Just create VuXML entries [1] [2] and > send them to freebsd-vuxml@FreeBSD.org or secteam@FreeBSD.org for > review and commit, or fix issues and send patches as PR's where > secteam is CC'ed. -- > Simon L. Nielsen > FreeBSD Deputy Security Officer > Thanks for the well-written response. I think at least part of it should make it into the FreeBSD Security Information page ( http://www.freebsd.org/security/ ) since currently there is just a simple reference towards VuXML for ports security. My 2cents, Adrian Penisoara Ady (@freebsd.ady.ro, @rofug.ro)