From nobody Fri Aug  5 15:56:36 2022
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4LzqzZ3BTjz4YJ91
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Fri,  5 Aug 2022 15:59:38 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4LzqzY2W5fz3Z9M;
	Fri,  5 Aug 2022 15:59:37 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Received: by mail-ed1-x52c.google.com with SMTP id e13so3874100edj.12;
        Fri, 05 Aug 2022 08:59:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc;
        bh=p3VSw1wIjVGgnIpC027JxE+qGeflZtl49QfK34gSml0=;
        b=M2B4icFWSgLKXhcAaDERuIBmW9ZWWj6nuvxXc7eM+mIkhqEn0sSJRjKphjXxQzrYyl
         NV866m5sAMQbuQLPabd1onyZ0SLRfVFLtkEmGeuXPjqZHrXiVnJ8+dQsL1VV49P7tDQl
         1kg74V34IvrZLRndq4bAviXUpdKuTZEopUzRM0FuS4elK3tDLThlWxXhvt1aJ6ohusYx
         dqMD9s10S2BuZHbxtwxrSgfqtiCRC1yPJMVhilLkF41C8sHWCxUxq0zxS3cNm0mZIBcG
         QsCDCF/yEgpZbV2bWLBJR52dPnmi6vMvdWXcIlrAQywMis61Clcb5s6YOUVlJNNXgZiy
         IJcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc;
        bh=p3VSw1wIjVGgnIpC027JxE+qGeflZtl49QfK34gSml0=;
        b=nVKMOvAy8IYFlOJaWcfbTPHlcnVxXtu/BvdST85AaZyKzOqzqlJ0CULMDcMoTmalPD
         e9y8CAoB1aVpdEC9ElPhJq/QW00BhRPTxOiZf4S1tj8e7SlgnPVWlXfOdLXU9REFsuOT
         Sy4rDrOh1OHnjMmBdVPmVkABlUFi0qHqyjWwSbWMdP+3BNB/izeJnzW9PTbn2n1HawdH
         qb3xUZAaer6uc5sbVmeS+eGc77++AfuRLQJtosqD4eFA0jO2Ut/YU5cyO7DpHaPQ5078
         hTbKPC6ioMG52O2RFPWQcDg2QNGnoP9EITzaa70Y8oc96sfPHavWm4kHLNGpzNsdeMYn
         M6SA==
X-Gm-Message-State: ACgBeo3R+HWj6s47riTIs6wKV1IeteV256pM3d9kbUPnFBy8yFGs0kv1
	FzsnnO1XPtVe+le/GWjmqbk2mMBnbDii0XRj4sjvMsSA
X-Google-Smtp-Source: AA6agR7jW1bmh/YhqLZFuI9hgAiz81hmI6s80noo4Ihzc0p/bNygW3lxpIk0rq0UxYVnL5Y8bKQGC2Doi1R5YKF+n6g=
X-Received: by 2002:a05:6402:2923:b0:43c:d07c:b00b with SMTP id
 ee35-20020a056402292300b0043cd07cb00bmr7398555edb.100.1659715175814; Fri, 05
 Aug 2022 08:59:35 -0700 (PDT)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <CAFDf7ULUz1MoQb470Qfz2R=bcPres9zvkA4_6tfb-vCTcdKXig@mail.gmail.com>
In-Reply-To: <CAFDf7ULUz1MoQb470Qfz2R=bcPres9zvkA4_6tfb-vCTcdKXig@mail.gmail.com>
From: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernando.apesteguia@gmail.com>
Date: Fri, 5 Aug 2022 17:56:36 +0200
Message-ID: <CAGwOe2b_CtnX7yO7VVeLf4aRFV1A7QMPyU3BojyAhdjPQLLEgg@mail.gmail.com>
Subject: Re: Need opinion on update vuxml
To: Nuno Teixeira <eduardo@freebsd.org>
Cc: FreeBSD Mailing List <freebsd-ports@freebsd.org>
Content-Type: multipart/alternative; boundary="0000000000007b9bdb05e5808d0a"
X-Rspamd-Queue-Id: 4LzqzY2W5fz3Z9M
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=M2B4icFW;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of fernando.apesteguia@gmail.com designates 2a00:1450:4864:20::52c as permitted sender) smtp.mailfrom=fernando.apesteguia@gmail.com
X-Spamd-Result: default: False [-3.18 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-0.996];
	NEURAL_HAM_SHORT(-0.98)[-0.981];
	NEURAL_HAM_MEDIUM(-0.83)[-0.828];
	R_MIXED_CHARSET(0.62)[subject];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112];
	R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	ARC_NA(0.00)[];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::52c:from];
	FROM_HAS_DN(0.00)[];
	TAGGED_FROM(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	TO_DN_ALL(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	FREEMAIL_FROM(0.00)[gmail.com];
	MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org];
	DKIM_TRACE(0.00)[gmail.com:+];
	FROM_EQ_ENVFROM(0.00)[];
	RCPT_COUNT_TWO(0.00)[2];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	RCVD_TLS_LAST(0.00)[];
	RCVD_COUNT_TWO(0.00)[2]
X-ThisMailContainsUnwantedMimeParts: N

--0000000000007b9bdb05e5808d0a
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

El vie., 5 ago. 2022 14:48, Nuno Teixeira <eduardo@freebsd.org> escribi=C3=
=B3:

> Hello,
>
> As a committer do I need secteam approval to update vuxml database?
>

AFAICT you don't need approval, you can make the changes yourself directly.

Cheers

>
> For what I've read in 12.3.1. The VuXML Database
> <https://docs.freebsd.org/en/books/porters-handbook/book/#security-notify=
-vuxml-db>
> :
> ---
> Committers can update the VuXML database themselves, assisting the
> Security Officer Team and delivering crucial information to the community
> more quickly. Those who are not committers or have discovered an
> exceptionally severe vulnerability should not hesitate to contact the
> Security Officer Team directly, as described on the FreeBSD Security
> Information <https://www.freebsd.org/security/#how> page.
> ---
>
> If yes, then I should make some tests do guarantee that new entry is ok:
> ---
> 3. use 'make validate' to verify syntax correctness
>
> Additional tests can be done this way:
>  $ make vuln-flat.xml
>  $ pkg audit -f ./vuln-flat.xml py26-django-1.6 (e.g.)
> ---
>
> PR265526 have an vuxml new entry and I'm waiting for ports-secteam to
> approve.
>
> Thanks in advance,
> --
> Nuno Teixeira
> FreeBSD Committer (ports)
>

--0000000000007b9bdb05e5808d0a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"auto"><div><br><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">El vie., 5 ago. 2022 14:48, Nuno Teix=
eira &lt;<a href=3D"mailto:eduardo@freebsd.org" target=3D"_blank">eduardo@f=
reebsd.org</a>&gt; escribi=C3=B3:<br></div><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><=
div dir=3D"ltr"><div>Hello,</div><div><br></div><div>As a committer do I ne=
ed secteam approval to update vuxml database?</div></div></blockquote></div=
></div><div dir=3D"auto"><br></div><div dir=3D"auto">AFAICT you don&#39;t n=
eed approval, you can make the changes yourself directly.<br></div><div dir=
=3D"auto"><br></div><div>Cheers<br></div><div dir=3D"auto"><div class=3D"gm=
ail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bor=
der-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div><br></div><=
div>For what I&#39;ve read in <a href=3D"https://docs.freebsd.org/en/books/=
porters-handbook/book/#security-notify-vuxml-db" rel=3D"noreferrer" target=
=3D"_blank">12.3.1. The VuXML Database</a>:<br></div><div>---</div><div>Com=
mitters can update the VuXML database themselves, assisting the=20
Security Officer Team and delivering crucial information to the=20
community more quickly.
Those who are not committers or have discovered an exceptionally severe=20
vulnerability should not hesitate to contact the Security Officer Team=20
directly, as described on the <a href=3D"https://www.freebsd.org/security/#=
how" rel=3D"noreferrer" target=3D"_blank">FreeBSD Security Information</a> =
page.</div><div>---</div><div><br></div><div>If yes, then I should make som=
e tests do guarantee that new entry is ok:</div><div>---<br></div><div>3. u=
se &#39;make validate&#39; to verify syntax correctness</div><div><br></div=
>Additional tests can be done this way:<br>=C2=A0$ make vuln-flat.xml<br>=
=C2=A0$ pkg audit -f ./vuln-flat.xml py26-django-1.6 (e.g.)<br><div>---</di=
v><div><br></div><div>PR265526 have an vuxml new entry and I&#39;m waiting =
for ports-secteam to approve.</div><div><br></div><div>Thanks in advance,<b=
r></div><div>-- <br><div dir=3D"ltr" data-smartmail=3D"gmail_signature"><di=
v dir=3D"ltr"><span style=3D"color:rgb(102,102,102)">Nuno Teixeira<br>FreeB=
SD Committer (ports)</span></div></div></div></div>
</blockquote></div></div></div>
</div>

--0000000000007b9bdb05e5808d0a--