From owner-freebsd-stable@FreeBSD.ORG  Mon Nov 15 03:16:44 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E529D16A4CE
	for <stable@freebsd.org>; Mon, 15 Nov 2004 03:16:43 +0000 (GMT)
Received: from ns.nnt.ru (ns.nnt.ru [217.72.1.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 98BFC43D1D
	for <stable@freebsd.org>; Mon, 15 Nov 2004 03:16:43 +0000 (GMT)
	(envelope-from nobody@ns.nnt.ru)
Received: from drweb by ns.nnt.ru with drweb-scanned (Exim 3.36 #1)
	id 1CTXLG-000IsM-00
	for stable@freebsd.org; Mon, 15 Nov 2004 06:15:46 +0300
Received: from nobody by ns.nnt.ru with local (Exim 3.36 #1)
	id 1CTXLG-000Irn-00; Mon, 15 Nov 2004 06:15:46 +0300
Received: from mx2.freebsd.org ([216.136.204.119])
	by ns.nnt.ru with esmtp (Exim 3.36 #1)
	id 1CTXLF-000IrR-00
	for goblin@nnt.ru; Mon, 15 Nov 2004 06:15:45 +0300
Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18])
	by mx2.freebsd.org (Postfix) with ESMTP
	id 828EF570BB; Mon, 15 Nov 2004 03:15:36 +0000 (GMT)
	(envelope-from owner-freebsd-ports@freebsd.org)
Received: from hub.freebsd.org (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6F1B416A51F; Mon, 15 Nov 2004 03:15:30 +0000 (GMT)
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id DDBAB16A4CE; Mon, 15 Nov 2004 03:10:28 +0000 (GMT)
Received: from obsecurity.dyndns.org[69.194.102.143])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A80B643D45; Mon, 15 Nov 2004 03:10:28 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 9B95B5140D; Sun, 14 Nov 2004 19:13:14 -0800 (PST)
Date: Sun, 14 Nov 2004 19:13:14 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
Message-ID: <20041115031314.GA43451@xor.obsecurity.org>
References: <20041115005016.GA4384@xor.obsecurity.org>
	<m3d5yfvmjk.fsf@merlin.emma.line.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="1yeeQ81UyVL57Vl7"
Content-Disposition: inline
In-Reply-To: <m3d5yfvmjk.fsf@merlin.emma.line.org>
User-Agent: Mutt/1.4.2.1i
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Errors-To: owner-freebsd-ports@freebsd.org
X-bogoflag: true
X-2Bogosity: No, tests=bogofilter, spamicity=0.564553, version=0.92.8
cc: ports@freebsd.org
cc: stable@freebsd.org
cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: New 5.x packages uploaded
X-BeenThere: freebsd-stable@freebsd.org
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2004 03:16:44 -0000


--1yeeQ81UyVL57Vl7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Nov 15, 2004 at 04:06:07AM +0100, Matthias Andree wrote:
> Kris Kennaway <kris@obsecurity.org> writes:
>
> > I've uploaded new packages for 5.3-stable; they'll make their way onto
> > the ftp mirrors over the next day or so.  Included are the new
> > versions of GNOME and KDE, among others.
>
> BTW, are we getting long-standing security issues in ports fixed, for
> instance cups-base, open-motif, others? Yeah, I know, send patches, but my
> resources are limited and committers are also overworked already...
>
> The general question I'd like to raise is how long will we allow ports
> with known security flaws to linger around before they are marked BROKEN?

In general serious security flaws should be marked FORBIDDEN
immediately, and they generally are.  Fixing the security issues is up
to the community.

Kris

--1yeeQ81UyVL57Vl7
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBmB7KWry0BWjoQKURAgVCAJ44n/aXhwM5nH3ahQ3/xvFXO6rSBgCeM49S
ym/iyWPMXZJOwiFWQdGC/bI=
=eJRk
-----END PGP SIGNATURE-----

--1yeeQ81UyVL57Vl7--