cvs commit: ports/sysutils/syslog-ng1 Makefile

Cy Schubert Cy.Schubert at komquats.com
Sun Oct 2 19:17:12 UTC 2011 

In message <4E88AB9A.5010801 at FreeBSD.org>, Doug Barton writes:
> FYI, in version 1.42 of the Makefile in its old location I tagged it thus:
> 
> FORBIDDEN=      Vulnerable since 2008-11-18,
> http://portaudit.freebsd.org/75f2382e-b586-11dd-95f9-00e0815b8da8.html
> EXPIRATION_DATE=        2011-10-14

The syslog-ng1 port has been adjusted to reflect the above.

> 
> Apparently the repo copy was done from version 1.41 (another reason that
> repo copies are a pointless waste).

I'm not sure how to address this. I think communication is part of the 
answer but how would need to be engineered into the solution. A maintainer 
would obviously know the timing of when to commit and whether it would be 
safe to do so, however persons performing sweeping commits have no idea of 
any other background work being performed. Without putting too much thought 
into this at the moment repocopy requests could be put into a queue and 
anyone needing to perform sweeping commits could check the list and 
coordinate with with portmgr to time commits with repocopies or vice versa. 
This is not an uncommon problem in any development shop I've worked at or 
in any sysadmin role I've had. We just need processes in place to address 
this type of issue. Maybe a simple search for open repocopy requests is all 
we need: query-pr -x -q -s repocopy.


> 
> In any case give how long this port was vulnerable it might have made
> sense to just do the upgrade, and eliminate version 1 entirely. The next
> best solution would be to move the expiration date up to 2011-10-14.
> Either way the port should be FORBIDDEN, not DEPRECATED.

It has been FORBIDDEN and DEPRECATED with an expiry date of Nov 14.


-- 
Cheers,
Cy Schubert <Cy.Schubert at komquats.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.


> 
> 
> Doug
> 
> 
> On 10/01/2011 20:53, Cy Schubert wrote:
> > cy          2011-10-02 03:53:50 UTC
> > 
> >   FreeBSD ports repository
> > 
> >   Modified files:
> >     sysutils/syslog-ng1  Makefile 
> >   Log:
> >   Deprecate syslog-ng1 and expire on Nov 1, 2011.
> >   
> >   Submitted by:   Syslog-ng upline.
> >   Approved by:    Maintainer
> >   
> >   Revision  Changes    Path
> >   1.43      +3 -0      ports/sysutils/syslog-ng1/Makefile
> > 
> > http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/sysutils/syslog-ng1/Makefile.di
> ff?&r1=1.42&r2=1.43&f=h
> > 
> 
> 
> 
> -- 
> 
> 	Nothin' ever doesn't change, but nothin' changes much.
> 			-- OK Go
> 
> 	Breadth of IT experience, and depth of knowledge in the DNS.
> 	Yours for the right price.  :)  http://SupersetSolutions.com/

More information about the cvs-ports mailing list