From owner-svn-ports-all@FreeBSD.ORG  Sun Jun 16 22:58:18 2013
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 41FDFDD9;
 Sun, 16 Jun 2013 22:58:18 +0000 (UTC)
 (envelope-from miwi@bsdhash.org)
Received: from bsdhash.org (bsdhash.org [94.23.250.27])
 by mx1.freebsd.org (Postfix) with ESMTP id 9A5501D50;
 Sun, 16 Jun 2013 22:58:17 +0000 (UTC)
Received: from [192.168.0.105] (unknown [175.136.124.238])
 by bsdhash.org (Postfix) with ESMTPA id E11A450F52;
 Mon, 17 Jun 2013 06:58:07 +0800 (MYT)
Subject: Re: svn commit: r321045 - head/security/tor-devel
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
Content-Type: text/plain; charset=us-ascii
From: Martin Wilke <miwi@bsdhash.org>
In-Reply-To: <CAF6rxgk1CF9SySZkdKykVvd9M8VfHm2oHvCFKX=zhZ=UznO8hw@mail.gmail.com>
Date: Mon, 17 Jun 2013 06:58:04 +0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <E35BA0BD-766D-4E50-BFBF-A2DB089D8435@bsdhash.org>
References: <201306161247.r5GCloLW020616@svn.freebsd.org>
 <CAF6rxgm3x4VgGCnWBJC5SanViZuj1ZNQ-qfsZFgwiSmpBkvXuQ@mail.gmail.com>
 <CAGFTUwPZM4u6LYvx_rsF4My7tHPZKS3V_N2YO7ur29HQyesOsQ@mail.gmail.com>
 <CAF6rxgnC8hDDwTW9NxqCDs8YEYyFRLzzDm=g=94A5Fn6GdXveA@mail.gmail.com>
 <CAGFTUwP-_xJUTdj=hr7wM_BV-=Bo+ktE1ud6s3n1eBizjUH=fQ@mail.gmail.com>
 <CAF6rxgk1CF9SySZkdKykVvd9M8VfHm2oHvCFKX=zhZ=UznO8hw@mail.gmail.com>
To: Eitan Adler <eadler@FreeBSD.ORG>
X-Mailer: Apple Mail (2.1503)
Cc: bf1783@gmail.com, svn-ports-head@freebsd.org, svn-ports-all@freebsd.org,
 ports-committers@freebsd.org
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Jun 2013 22:58:18 -0000


On Jun 17, 2013, at 2:50 AM, Eitan Adler <eadler@FreeBSD.ORG> wrote:

> On Sun, Jun 16, 2013 at 8:17 PM, b.f. <bf1783@googlemail.com> wrote:
>> On 6/16/13, Eitan Adler <eadler@freebsd.org> wrote:
>>> On Sun, Jun 16, 2013 at 4:06 PM, b.f. <bf1783@googlemail.com> wrote:
>>>> In this case no CVEs were issued
>>>=20
>>> This is odd.
>>=20
>> Not very, when you consider that this is development code, and not a
>> stable release.  It would be absurd to think that every developer =
goes
>> running to a CNA every time they find any problem in their =
repository.
>=20
> CVEs are given for beta releases (see CVE mailing lists for details).
> I don't think debating this point is very important.
>=20
>=20
>> Not
>> every bug is found, fewer still are disclosed, and even fewer are
>> reported to a CNA and given a CVE-ID.
>=20
> Agreed
>=20
>> The Tor developers are very conscientious when it comes to reporting
>> bugs, even ones that are unlikely to be exploited. They often fix and
>> report problems that would go undetected or undisclosed in other
>> projects.  But only some of the most serious bugs are reported by the
>> project or by others to a CNA.
>=20
> Understood.
>=20
> Back to the point at hand, I do think this should be documented in =
VuXML.

I don't think so.  You are really getting annoying with telling people =
what there have to do..

We never documented -devel and it should be never documented as brandan =
already pointed out its development code.

- Martin

>=20
>=20
> --=20
> Eitan Adler
> Source, Ports, Doc committer
> Bugmeister, Ports Security teams
>=20

+-----------------oOO--(_)--OOo-------------------------+
With best Regards,
       Martin Wilke (miwi_(at)_FreeBSD.org)

Mess with the Best, Die like the Rest