Date:      Mon, 31 Mar 2003 17:09:48 +0300
From:      Dan Naumov <dan.naumov@ofw.fi>
To:        freebsd-ports@freebsd.org
Subject:   Re: again... serious security hole in a port (dcgui/dclib)
Message-ID:  <20030331170948.583ced4e.dan.naumov@ofw.fi>
In-Reply-To: <20030331132420.0b94c5ae.davide.lemma@sito.it>
References:  <20030331132420.0b94c5ae.davide.lemma@sito.it>

On Mon, 31 Mar 2003 13:24:20 +0200
Davide Lemma <davide.lemma@sito.it> wrote:

> Hello again... really frustrated this will be my last attempt to try to commit a
> fresh updated rebuild of a port with a really serious security hole.

I can feel your pain, I've quite often submitted PRs and contacted port
maintainers regarding problems with specific ports, only to hear dead
silence as the response.

> I've yet advised the official port's maintainer more than one month ago, but the
> answer was that he was leaving the port maintainment. I've yet sent through
> send-pr the new diff files to update the port. Current version is 0.2.8, while
> in the port tree there is yet 0.1.11beta version!! (one year and half older).

I'd suggest you do one of the following things:

1) Contact several port committers and explain the problem to them. This could
probably be the fastest solution to your problem. Better yet, become friends with
a few committers :)

2) There are several people who are directly responsible for the "security" part of
FreeBSD. Some of them work on the ports tree, while others work on the base
system. Take a look at http://www.freebsd.org/security/index.html

> Hoping that with this advice will be taken soon a decision.
> Most users don't know how can be dangerous this kind of bug and they can have
> their system compromised so easy.

Yes, this is indeed truly unfortunate. As a matter of fact, I've been somewhat
unsatisfied with the state of the ports tree as of late myself. I am not yet sure
what I'll be doing about this, but I've considered starting up a "Port Quality
Watchers" team which would consist of volunteers browsing the ports tree daily
looking for ways to break things and report them to the right people. It'd also be
nice if this team had a few port committers on board. This would help speed up
things somewhat.

Sincerely,
Dan Naumov


