On 13/04/2021 06:03, Gordon Tetlow wrote:

On Apr 12, 2021, at 03:21, Miroslav Lachman <000.f...@quip.cz> wrote:

On 11/04/2021 21:49, Gian Piero Carrubba wrote:
* [Sun, Apr 11, 2021 at 09:36:05PM +0200] Miroslav Lachman:
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-secteam@ as it seems a more appropriate recipient.

Vulnerabilities in base should be handled by core secteam, not ports secteam.
The maintainer address for vuxml is ports-secteam@, so my impression is that 
entries in vuxml, regardless if they affect base or ports, are managed by them. 
Am I wrong?

Because there are entries mainly for ports and vuxml is a port too. But the 
responsible side for vulnerabilities in base is the Security Officer Team. They are 
publishing SAs, they should create and submit entries to vuxml. They are almost 
always lagging behind, sometimes for months. I tried creating patches with 
entries in the past because I am the author of the base-audit script and maintainer 
of the port, but then it was waiting for a long time to have it confirmed by 
the Security Officer Team.

I fought with this many times.

Hi there!

Secteam has been pretty faithfully putting base issues into vuxml for the past 
year at least, thanks to the tireless work by Philip. The current issues were 
committed to vuxml 6 days ago. Apparently, the backend that serves the vuxml 
for clients hasn’t been updated for the ports git transition. There is a PR 
for that already and hopefully it will be sorted soon.

Good to hear that. I hope it will be fixed soon.

Kind regards
Miroslav Lachman