From nobody Sat Aug 17 07:15:54 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wm9Bd0JHMz5SSL8 for ; Sat, 17 Aug 2024 07:16:09 +0000 (UTC) (envelope-from kevin.bowling@kev009.com) Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wm9Bc5ZMqz49pZ for ; Sat, 17 Aug 2024 07:16:08 +0000 (UTC) (envelope-from kevin.bowling@kev009.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-qk1-x730.google.com with SMTP id af79cd13be357-7a1df0a93eeso172993285a.1 for ; Sat, 17 Aug 2024 00:16:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kev009.com; s=google; t=1723878967; x=1724483767; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=MPAjIv2hjMNyy6G6sAhPdhdJOpGBTcTiFgP4ZyDgq3E=; b=pjMrLEmLIY4jVpr/NSJwd+uPO2Ep/VEp+4cAUfOdALxXaFmPQjkL114HL5j7A6ft1q LNp8UZ4eW5MsbsxIjdUPpPcNROjoBcexo+tszmXB9MdXAQZSoDYtxXH137VpnYW23MHP 4pmFFCgbgEsjbo9GmO40qeB91usXZiPiMHeB4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723878967; x=1724483767; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MPAjIv2hjMNyy6G6sAhPdhdJOpGBTcTiFgP4ZyDgq3E=; b=utQKloz3kncUFiap5l5EJJKokpPwQUCO+ZLQDSlkRiTN5liNum1FGMgWX3XwcjHfxa JCuj+u/3sXWs6hvpw5mGxvc16m1fVoLgf4B9npioNE5YuGrEZc7ATCFa7if6bviKF8ij WaT08E13GJ+O/o9IjqLL3kVP5Qy2uWuFSXhYKb7KjHHHhVTFlbPiegq81VabmkonkZJp Vn28YjWg6OJpj3oL4TWk9c2jGSBaKyHLYAT8ta4BpHTqutFWvk+7YR8g7/13nnibioip rFOLk5AJE7eCaNIaxKX8I3v/lPzPhmK2sASZc81829sRDSAGDOj0UyFzWMP8eeE7UqLx XrCQ== X-Forwarded-Encrypted: i=1; AJvYcCWzR3OQjHaxOi4jofGgFxjcEn1CPbp1PrmJjBwz4fHeGf3kdgMZal74Kmj6l6+sS/d7gHSKykJoXNR3DfjuK892JyfvNU3FiM9/Jcw56ieeWtHT X-Gm-Message-State: AOJu0YzNw990kBSLjkqmnJbZBT7QNvgPHN+0hPkWHU9/c5HnQC8UPvmh 9tDCmEA5WK+VioMJC9Nsl+olVTZJzO9i6OuxGRhIUTpUdyHf8FSdsoMmYXZ6+Q/xa/XlryKO7Ad FwQPO++a1FDmFzbH1veE2zcXU0qHWo8BvhB8nb8OPj6s+xXOSr83G X-Google-Smtp-Source: AGHT+IFeXpUuaRZNkx5oSKDapp2Hg2Ycm5Fl4SmW+kQ60GNwMxJRsZsllSqi9CQiWVhJyEZinSr+hHKQebndTWuNVps= X-Received: by 2002:a05:620a:2604:b0:7a1:e371:8e0d with SMTP id af79cd13be357-7a5069e5d8fmr522098485a.62.1723878966404; Sat, 17 Aug 2024 00:16:06 -0700 (PDT) List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 References: <202408161835.47GIZuZJ084942@gitrepo.freebsd.org> <5b4df306-2998-4f98-b5fa-8bf168cd011a@freebsd.org> In-Reply-To: From: Kevin Bowling Date: Sat, 17 Aug 2024 00:15:54 -0700 Message-ID: Subject: =?UTF-8?B?UmU6IGdpdDogNzJkZDhkMmVlNjc2IC0gbWFpbiAtIG1haWwvZG92ZWNvdDogdXBkYXRlIA==?= =?UTF-8?B?Mi4zLjIxIOKGkiAyLjMuMjEuMSAoZml4ZXMgMiBDVkVzKQ==?= To: Gleb Popov Cc: Vladimir Druzenko , ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4Wm9Bc5ZMqz49pZ On Fri, Aug 16, 2024 at 11:56=E2=80=AFPM Gleb Popov wr= ote: > > On Sat, Aug 17, 2024 at 1:03=E2=80=AFAM Kevin Bowling wrote: > > > > You should seek help or abstain from doing security updates then. > > Is this a policy written somewhere? I don't see how not updating a > VuXML entry is worse than not updating the vulnerable port itself. Updating and forgetting or simply not knowing how to do something once is fine. A refusal, if you aren't going to uphold the standard comitter practices after being shown, maybe you should reconsider whether you are the right person for the direct commit access and filter it through review/PR so other committers can massage the correct result. I'm not really sure why this is turning into a discussion. The request is standard practice for handling CVEs in the repo and a courtesy to other committers and even more for users who rely on tools like pkg audit and do not watch commit logs.