Ports EOL vuxml entry

Gerhard Schmidt schmidt at ze.tum.de
Mon Aug 22 09:25:00 UTC 2016


Hi,

today there was a new entry added to the vuxml file including all
outdated ports. Where is the value in this entry? The information is
already in the fact that the port has been removed.

In this file there should only be real vulnerabilities and not maybe
vulnerable, no longer existing ports.

Right now this breaks my setup for finding vulnerable ports on my systems
because all systems with legacy code show up with this entry.

Please only add real vulnerabilities to this file. Maybe pkg audit
should print a warning (suppressible by a command-line switch or a
whitelist in the config file) when discontinued ports are installed.

Putting all well known discontinued ports in a vuxml entry isn't a clean
way to do it and creates a false impression of security because all the
not so well known discontinued ports are not in this list and users
might depend on this warning.

Regards
  Estartu

-- 
----------------------------------------------------------
Gerhard Schmidt                | E-Mail: schmidt at ze.tum.de
Technische Universität München | Jabber: estartu at ze.tum.de
WWW & Online Services          |
Tel: +49 89 289-25270          | PGP-PublicKey
Fax: +49 89 289-25257          | on request
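The separation the post asks for, as an added example that is not part of the original message or of pkg(8): a small audit that matches installed packages against a VuXML document, but reports entries on an administrator-kept allowlist of vids as an informational "discontinued port" warning instead of a vulnerability. The VuXML fragment, the vids, the package names and the installed versions are all constructed for the example, and the version ordering is a simplified assumption, not pkg's real comparison.

```python
"""Added example (not from the original post): audit a package list
against a VuXML document while keeping 'discontinued port' entries
apart from real vulnerabilities, as the post suggests pkg audit could."""
import re
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}

# Constructed VuXML fragment: one real vulnerability and one placeholder
# "ports EOL" entry. The vids and package names are made up for the
# example; they are not real FreeBSD entries.
SAMPLE_VUXML = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="11111111-1111-1111-1111-111111111111">
    <topic>examplelib -- buffer overflow in parser</topic>
    <affects><package><name>examplelib</name>
      <range><lt>2.4.1</lt></range></package></affects>
  </vuln>
  <vuln vid="22222222-2222-2222-2222-222222222222">
    <topic>Ports discontinued upstream (placeholder EOL entry)</topic>
    <affects>
      <package><name>oldtool</name><range><ge>0</ge></range></package>
      <package><name>legacyd</name><range><ge>0</ge></range></package>
    </affects>
  </vuln>
</vuxml>"""

# vids the administrator chooses to treat as informational only; this
# plays the role of the "whitelist in the config file" from the post.
INFORMATIONAL_VIDS = {"22222222-2222-2222-2222-222222222222"}

# Constructed list of installed packages: {name: version}
INSTALLED = {"examplelib": "2.3.0", "oldtool": "1.0", "legacyd": "4.2"}


def version_key(version):
    """Simplified version ordering (assumption for this example): numeric
    components compare as integers, anything else as strings. pkg's own
    version comparison handles more cases than this."""
    parts = re.split(r"[.,_]", version.strip())
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


# VuXML <range> bounds and their meaning
OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "gt": lambda a, b: a > b,
    "ge": lambda a, b: a >= b,
    "eq": lambda a, b: a == b,
}


def in_range(version, range_el):
    """A <range> matches when every bound inside it holds for version."""
    v = version_key(version)
    for bound in range_el:
        tag = bound.tag.split("}")[-1]          # strip the XML namespace
        if not OPS[tag](v, version_key(bound.text)):
            return False
    return True


def audit(vuxml_text, installed, informational=frozenset()):
    """Return (vulnerable, informational): two lists of tuples
    (pkgname, version, vid, topic). Matches whose vid is in the
    informational set are reported separately instead of as vulnerabilities."""
    root = ET.fromstring(vuxml_text)
    real, info = [], []
    for vuln in root.findall("v:vuln", NS):
        vid = vuln.get("vid")
        topic = vuln.findtext("v:topic", default="", namespaces=NS)
        for pkg in vuln.findall("v:affects/v:package", NS):
            name = pkg.findtext("v:name", default="", namespaces=NS)
            if name not in installed:
                continue
            version = installed[name]
            if any(in_range(version, r) for r in pkg.findall("v:range", NS)):
                hit = (name, version, vid, topic)
                (info if vid in informational else real).append(hit)
    return real, info


if __name__ == "__main__":
    vulnerable, discontinued = audit(SAMPLE_VUXML, INSTALLED, INFORMATIONAL_VIDS)
    for name, ver, vid, topic in vulnerable:
        print(f"VULNERABLE {name}-{ver}: {topic} ({vid})")
    for name, ver, vid, topic in discontinued:
        print(f"WARNING    {name}-{ver}: {topic} ({vid})")
```

With an empty allowlist every match is reported as a vulnerability, which is the behaviour the post complains about; with the EOL entry's vid on the allowlist, the legacy packages still surface, but as a warning a script can filter on, while the real vulnerability keeps its own exit path.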