Date: Mon, 22 Aug 2016 11:24:51 +0200
From: Gerhard Schmidt <schmidt@ze.tum.de>
To: freebsd-security@freebsd.org
Subject: Ports EOL vuxml entry
Message-ID: <6c3a84dc-5669-039c-6fa1-92565dd47dff@ze.tum.de>

Hi,

today there was a new entry added to the vuxml file including all outdated ports. Where is the value in this entry? The information is already in the fact that the port has been removed. This file should only contain real vulnerabilities and not maybe-vulnerable, non-existing ports. Right now this breaks my system for finding vulnerable ports on my systems, because all systems with legacy code show up with this entry.

Please only add real vulnerabilities to this file. Maybe pkg audit should print a warning (suppressible by a command-line switch or a whitelist in the config file) when discontinued ports are installed. Putting all well-known discontinued ports in a vuxml entry isn't a clean way to do it and creates a false impression of security, because all the not-so-well-known discontinued ports are not in this list and users might depend on this warning.

Regards
Estartu

--
----------------------------------------------------------
Gerhard Schmidt                | E-Mail: schmidt@ze.tum.de
Technische Universität München | Jabber: estartu@ze.tum.de
WWW & Online Services          |
Tel: +49 89 289-25270          | PGP-PublicKey
Fax: +49 89 289-25257          | on request