Date:      Sun, 02 Oct 2011 12:16:40 -0700
From:      Cy Schubert <Cy.Schubert@komquats.com>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        lme@FreeBSD.org, cvs-ports@FreeBSD.org, ports-committers@FreeBSD.org, cvs-all@FreeBSD.org, Cy Schubert <cy@FreeBSD.org>
Subject:   Re: cvs commit: ports/sysutils/syslog-ng1 Makefile
Message-ID:  <201110021916.p92JGeOh083857@cwsys.cwsent.com>
In-Reply-To: Message from Doug Barton <dougb@FreeBSD.org> of "Sun, 02 Oct 2011 11:21:14 PDT." <4E88AB9A.5010801@FreeBSD.org>

In message <4E88AB9A.5010801@FreeBSD.org>, Doug Barton writes:
> FYI, in version 1.42 of the Makefile in its old location I tagged it thus:
> 
> FORBIDDEN=      Vulnerable since 2008-11-18,
> http://portaudit.freebsd.org/75f2382e-b586-11dd-95f9-00e0815b8da8.html
> EXPIRATION_DATE=        2011-10-14

The syslog-ng1 port has been adjusted to reflect the above.

> 
> Apparently the repo copy was done from version 1.41 (another reason that
> repo copies are a pointless waste).

I'm not sure how to address this. I think communication is part of the 
answer but how would need to be engineered into the solution. A maintainer 
would obviously know the timing of when to commit and whether it would be 
safe to do so, however persons performing sweeping commits have no idea of 
any other background work being performed. Without putting too much thought 
into this at the moment repocopy requests could be put into a queue and 
anyone needing to perform sweeping commits could check the list and 
coordinate with portmgr to time commits with repocopies or vice versa. 
This is not an uncommon problem in any development shop I've worked at or 
in any sysadmin role I've had. We just need processes in place to address 
this type of issue. Maybe a simple search for open repocopy requests is all 
we need: query-pr -x -q -s repocopy.


> 
> In any case given how long this port was vulnerable it might have made
> sense to just do the upgrade, and eliminate version 1 entirely. The next
> best solution would be to move the expiration date up to 2011-10-14.
> Either way the port should be FORBIDDEN, not DEPRECATED.

It has been FORBIDDEN and DEPRECATED with an expiry date of Nov 14.


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.


> 
> 
> Doug
> 
> 
> On 10/01/2011 20:53, Cy Schubert wrote:
> > cy          2011-10-02 03:53:50 UTC
> > 
> >   FreeBSD ports repository
> > 
> >   Modified files:
> >     sysutils/syslog-ng1  Makefile 
> >   Log:
> >   Deprecate syslog-ng1 and expire on Nov 1, 2011.
> >   
> >   Submitted by:   Syslog-ng upline.
> >   Approved by:    Maintainer
> >   
> >   Revision  Changes    Path
> >   1.43      +3 -0      ports/sysutils/syslog-ng1/Makefile
> > 
> > http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/sysutils/syslog-ng1/Makefile.diff?&r1=1.42&r2=1.43&f=h
> > 
> 
> 
> 
> -- 
> 
> 	Nothin' ever doesn't change, but nothin' changes much.
> 			-- OK Go
> 
> 	Breadth of IT experience, and depth of knowledge in the DNS.
> 	Yours for the right price.  :)  http://SupersetSolutions.com/




