ports/128999: [vuxml] [patch] update audio/streamripper to
1.64.0, fix CVE-2008-4829
Ian Smith
smithi at nimnet.asn.au
Mon Nov 24 21:51:33 PST 2008
On Mon, 24 Nov 2008, David F. Severski wrote:
> On Mon, Nov 24, 2008 at 11:06:56PM +0100, William Palfreman wrote:
> > That's nice. I am sure it is very useful on the ports mailing list
> > where it belongs. I also greatly enjoy the frequent interesting and
> > informed discussion on the security mailing list - of which Eirik
> > Overby's thread recently about syn+fin is one example. But all these
> > ports announcements, raw patches, garbled html etc. I could really do
> > without. It is why there are separate lists.
>
> Was there a discussion or even an announcement indicating that the
> security-related port commit messages would be sent to freebsd-security?

Not that I could find. The other day I reviewed the last three months'
archives looking for any notice I'd missed. These ports security issues
and patches postings began on Nov 8; I've resisted commenting until now.

> This seems to have started just this month. Like William, I also find the
> explosion of commit messages and bug tracking minutiae detracts from the
> low volume and high value of the freebsd-security list. The list
> description on mailman indicates the intent of the list is to be a
> 'high-signal, low-noise discussion of issues affecting the security of
> FreeBSD.' Including every single obliquely security-related port commit
> seems counter to this intention.
>
> I'd very much like to see a separate list for the automated port postings,
> leaving this list to its historical usage.

I'm also finding these to be swamping S/N (as are these posts, I know!)
and no, switching to security-advisories@ wouldn't cut it for me, for
the same reasons William mentions above.

We're heading towards 20,000 ports these days, and while I appreciate
and rely on the vuxml database and portaudit for vulns and updates for
those ports I use, and am glad to see such active work going on, I'm
feeling the separation of base system (including contrib) from ports
remains important - especially in the security context.

My 2c (now scarcely U$1.3c),
Ian