Date:      Mon, 29 Mar 2004 20:14:29 +0200
From:      Oliver Eikemeier <eikemeier@fillmore-labs.com>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        Oliver Eikemeier <eik@FreeBSD.org>
Subject:   Re: cvs commit: ports/multimedia/xine Makefile
Message-ID:  <40686785.7020002@fillmore-labs.com>
In-Reply-To: <20040329163309.GA81526@madman.celabo.org>
References:  <200403282344.i2SNi6Hq047722@repoman.freebsd.org> <20040329163309.GA81526@madman.celabo.org>

Jacques A. Vidrine wrote:

> On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote:
> 
>>eik         2004/03/28 15:44:06 PST
>>
>>  FreeBSD ports repository
>>
>>  Modified files:
>>    multimedia/xine      Makefile 
>>  Log:
>>  Mark forbidden due to an entry in the VuXML database. Don't
>>  forget to add the version which fixes the issues there.
> 
> FWIW:
> 
> I didn't mark this port FORBIDDEN when I added the issue to the
> database because some issues are not very severe.  For example, this
> issue has practically no impact on single user systems, and quite
> possibly no impact on any FreeBSD user anywhere.  Marking the port
> FORBIDDEN in this case seems extreme.

It's in the official FreeBSD vulnerability database.

> I'd prefer to reserve FORBIDDEN for those cases where the ports
> present some danger.  Those who want a more strict policy can use
> portaudit or similar, right?

I guess we have to add a severity tag then, to enable `soft' vulnerabilities.
I have an automated script that barks on unmarked vulnerabilities, and it can't
decide which vulnerability is `important'.

>>  http://people.freebsd.org/~eik/portaudit/fde53204-7ea6-11d8-9645-0020ed76ef5a.html
> 
> By the way, I'd appreciate it if you'd point to the VuXML site instead
> (the URLs are `permanent').
> 
>    http://vuxml.freebsd.org/
>    http://vuxml.freebsd.org/fde53204-7ea6-11d8-9645-0020ed76ef5a.html

These are generated by the same script that generates the portaudit database, so
they will never go out of sync.

Oliver

