Date: Mon, 16 Aug 2004 09:59:01 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Oliver Eikemeier <eikemeier@fillmore-labs.com> Cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml Message-ID: <20040816145901.GB5482@lum.celabo.org> In-Reply-To: <59A4C7E0-EEE2-11D8-87C4-00039312D914@fillmore-labs.com> References: <20040815162939.GB3559@lum.celabo.org> <59A4C7E0-EEE2-11D8-87C4-00039312D914@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[Hmm, it seems that the lists that contain FreeBSD developers was accidently dropped. Fixed.] On Sun, Aug 15, 2004 at 07:41:34PM +0200, Oliver Eikemeier wrote: > Jacques A. Vidrine wrote: > > >The commit message seems to be incomplete. The 670% increase in > >portaudit.xml seems to be largely a number of entries that are also in > >ports/security/vuxml/vuln.xml, although the text and references seem to > >be rewritten in most (all?) cases and different UUIDs have been > >assigned. > > Yup, they use the UUIDs they had assigned in portaudit, before they have > been re-added with different UUIDs to vuxml. > > >I'm not sure what portaudit.xml is for, but it seems a bit confusing to > >have some issues described differently in two different locations. > >Maybe > >you could clue me in as to what is going on? Seems like we need to > >normalize this data. > > Those entries are tested and work with portaudit. It seems like vuxml > has different requirements. You keep making this assertion, but you have not given any details. What gives? For example, why have you duplicated the following entry: in ports/security/vuxml/vuln.xml ``acroread uudecoder input validation error'' http://vuxml.freebsd.org/78348ea2-ec91-11d8-b913-000c41e2cdad.html in ports/security/portaudit-db/database/portaudit.xml ``Acrobat Reader handling of malformed uuencoded pdf files'' http://people.freebsd.org/~eik/portaudit/ab166a60-e60a-11d8-9b0a-000347a4fa7d.html What is it about the original entry that does not "work with portaudit"? This is particularly confusing because you somehow claim that the original entry is "superseded" by yours. http://people.freebsd.org/~eik/portaudit/78348ea2-ec91-11d8-b913-000c41e2cdad.html Why didn't you simply correct the original entry if there is a problem? What are you trying to accomplish, Oliver? I would really like to know because clearly this situation is not good for our community. Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040816145901.GB5482>