From owner-svn-ports-all@FreeBSD.ORG Sun Jun 16 18:51:19 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4ED05107 for ; Sun, 16 Jun 2013 18:51:19 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) by mx1.freebsd.org (Postfix) with ESMTP id 26B6B1353 for ; Sun, 16 Jun 2013 18:51:19 +0000 (UTC) Received: by mail-pa0-f48.google.com with SMTP id kp12so2145542pab.7 for ; Sun, 16 Jun 2013 11:51:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=O2EG6VJgHA4c3PbbVUDVihxnSrDvkL3Jk7nsIQlo3Y0=; b=P304UkLIU+RNLMgu/zsWe6cJSsmT0Q3QRRX2YX7utOlhZD+5+ekLQ5U/Wpei/9dMvU asLbSqEIGxGolFoPcg85vtcBeOVX+zPTQjo8nvzvWcqZPvfF+C/WLlyHnczCghiWesut SS77PwugnnpTnd1TJIaKYJPwHbUx1E3SiS48s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=O2EG6VJgHA4c3PbbVUDVihxnSrDvkL3Jk7nsIQlo3Y0=; b=oiXI4OBC7HOIikuJFhdvn5yS09QQg182pwN+QON3Ejwun4q/KsUqOA/1D+uAArXWet QnrdzlrAk7XovyY7TrhteAmPCmmOqy6olEK6WUrBuZg7AWEFdi3Rv+NZKIOHNpgbxDwf fO3XBdTAYNinaffJV3mrGDjfuHxz49B/ahmBWO9Lr/pm5ow6YXJCvTjX/o/MLdus2ljm xdaVzgUkWawhr0lUMETqQn7rougDl6eCxXqk/HMuXa74MzH6KkOyr7+1Mt3/1XUMSyVd 538R/eHVP6ZUvc/hy0OHhFVMvet2vQ10SZ59mm1S+CL4WdpDi4FCmRyMgId7zfR/Ka0r ZIgA== X-Received: by 10.68.244.164 with SMTP id xh4mr10008219pbc.157.1371408678829; Sun, 16 Jun 2013 11:51:18 -0700 (PDT) MIME-Version: 1.0 Sender: lists@eitanadler.com Received: by 10.70.45.33 with HTTP; Sun, 16 Jun 2013 11:50:48 -0700 (PDT) In-Reply-To: References: <201306161247.r5GCloLW020616@svn.freebsd.org> From: Eitan Adler Date: Sun, 16 Jun 2013 20:50:48 +0200 X-Google-Sender-Auth: 2AA5JwHt6_lhAJHNCaMwIGxreBw Message-ID: Subject: Re: svn commit: r321045 - head/security/tor-devel To: bf1783@gmail.com Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQmlp8Y2CtY27RabnbjwmNOWLA3nTtjM11rMxCeXaRQ2TQdxRrUZMoVTnsN2oqfmOHZ7ZJ5d Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jun 2013 18:51:19 -0000 On Sun, Jun 16, 2013 at 8:17 PM, b.f. wrote: > On 6/16/13, Eitan Adler wrote: >> On Sun, Jun 16, 2013 at 4:06 PM, b.f. wrote: >>> In this case no CVEs were issued >> >> This is odd. > > Not very, when you consider that this is development code, and not a > stable release. It would be absurd to think that every developer goes > running to a CNA every time they find any problem in their repository. CVEs are given for beta releases (see CVE mailing lists for details). I don't think debating this point is very important. > Not > every bug is found, fewer still are disclosed, and even fewer are > reported to a CNA and given a CVE-ID. Agreed > The Tor developers are very conscientious when it comes to reporting > bugs, even ones that are unlikely to be exploited. They often fix and > report problems that would go undetected or undisclosed in other > projects. But only some of the most serious bugs are reported by the > project or by others to a CNA. Understood. Back to the point at hand, I do think this should be documented in VuXML. -- Eitan Adler Source, Ports, Doc committer Bugmeister, Ports Security teams