From owner-cvs-ports@FreeBSD.ORG Mon Aug 16 16:34:56 2004 Return-Path: Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AD4C16A4CE; Mon, 16 Aug 2004 16:34:56 +0000 (GMT) Received: from fillmore.dyndns.org (port-212-202-50-15.dynamic.qsc.de [212.202.50.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id D976243D48; Mon, 16 Aug 2004 16:34:55 +0000 (GMT) (envelope-from eikemeier@fillmore-labs.com) Received: from dhcp-11.local ([172.16.0.11]) by fillmore.dyndns.org with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 4.41 (FreeBSD)) id 1BwkRh-000AEI-3n; Mon, 16 Aug 2004 18:34:55 +0200 Date: Mon, 16 Aug 2004 18:36:40 +0200 Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v482) To: "Jacques A. Vidrine" From: Oliver Eikemeier In-Reply-To: <20040816145901.GB5482@lum.celabo.org> Message-Id: <730CE1BB-EFA2-11D8-924A-00039312D914@fillmore-labs.com> Content-Transfer-Encoding: 7bit User-Agent: KMail/1.5.9 cc: cvs-ports@FreeBSD.org cc: cvs-all@FreeBSD.org cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Aug 2004 16:34:56 -0000 Jacques A. Vidrine wrote: > [...] > > You keep making this assertion, but you have not given any details. > What gives? For example, why have you duplicated the following entry: > > in ports/security/vuxml/vuln.xml > ``acroread uudecoder input validation error'' > http://vuxml.freebsd.org/78348ea2-ec91-11d8-b913-000c41e2cdad.html > > in ports/security/portaudit-db/database/portaudit.xml > ``Acrobat Reader handling of malformed uuencoded pdf files'' > > http://people.freebsd.org/~eik/portaudit/ab166a60-e60a-11d8-9b0a-000347a4fa7d. > html > > What is it about the original entry that does not "work with portaudit"? I made the entry Aug 4 2004 11:43:15 UTC: You've added a copy Aug 12 2004 19:05:51 UTC: > This is particularly confusing because you somehow claim that the > original entry is "superseded" by yours. > > > http://people.freebsd.org/~eik/portaudit/78348ea2-ec91-11d8-b913-000c41e2cdad. > html > > Why didn't you simply correct the original entry if there is a problem? I decided to mark yours as a duplicate of my entry made eight days before. I try to keep portaudit references permanent. > What are you trying to accomplish, Oliver? I would really like to know > because clearly this situation is not good for our community. A correctly working port auditing system, where users are timely warned of possible vulnerabilities in their installed software. While it might be acceptable when a documentation sometimes leaves out a PORTEPOCH or has false positives for a couple of days, I consider this highly problematic for portaudit and try to fix these things ASAP. What are you trying to accomplish? -Oliver