Message-ID: <40C57FAE.3080202@portaone.com>
Date: Tue, 08 Jun 2004 11:58:22 +0300
From: Maxim Sobolev
To: Dag-Erling Smørgrav
References: <200406080627.i586RiBi065038@repoman.freebsd.org> <40C5633D.50204@portaone.com>
cc: cvs-ports@FreeBSD.ORG
cc: cvs-all@FreeBSD.ORG
cc: ports-committers@FreeBSD.ORG
Subject: Re: cvs commit: ports/devel/pwlib Makefile ports/devel/pwlib/files ports/net/asterisk Makefile

Dag-Erling Smørgrav wrote:
> Maxim Sobolev writes:
>
>>Dag-Erling Smørgrav wrote:
>>
>>>Maxim Sobolev writes:
>>>
>>>> No reply from: security-officer
>>>
>>>What kind of reply were you expecting?
>>
>>I was expecting sort of approval.
>
>
> You're a member of portmgr, and shouldn't need anyone's approval to
> commit to the ports tree, especially when the issue is already public.

Since it was a known security problem and I wanted to commit a fix, I
expected that security officers would want to review the fix.

>>>BTW, could you please add a vuln.xml entry for this?
>>
>>Yes, I can, but what exactly should I add?
>
>
> Look at what's already there; it should briefly describe the bug,
> specify which versions are affected, and provide references to vendor
> information. The bug ID is a DCE UUID, which you can generate with
> uuidgen(1).

What should I do if I have committed a fix to a vulnerability already
documented in vuln.xml? BTW, it probably would be nice if you can
document it either in the Committer's Handbook or the Porter's Handbook.

-Maxim