Re: Ports security [was: Ports/source dance]



On 2006.08.11 10:10:19 +0300, Adrian Penisoara wrote:
> On 8/10/06, Mark Bucciarelli <mark@xxxxxxxxxxxxx> wrote:
>
> > There's a scary security alert from yesterday out and no port
> > update so I judged it to be isp-related. I looked for
> > ports-security list but didn't see one.
>
> You know, that might be a very good idea -- e.g. have a security team and
> list for ports as we have one for the base distribution. There should be
> enough volunteers.
>
> What would the FreeBSD security officer say about this?

I was not on freebsd-isp, so I hadn't seen the start of this thread.

Ports security issues should go to either freebsd-ports@,
freebsd-security@, or directly to the FreeBSD Security Team at
secteam@xxxxxxxxxxx, if you want to catch the attention of the
Security Team.

I don't currently see enough volume with regards to ports security
issues to warrant a separate mailing list. I think using
freebsd-security@ should be fine, and we can always create a new list
if needed.

With regards to a separate security team for ports, it has been
discussed in the past, but so far hasn't been created mainly since it
hasn't been a problem for secteam members working on ports just being
part of the "normal" secteam, while only/mostly working on ports
issues.

It would be very nice if more people helped out with the ports side of
FreeBSD security, but when we had the last call for volunteers among
committers there weren't a lot of people volunteering to help out with
ports as part of the Security Team.

That said, it's certainly no requirement to be a committer or to be
part of secteam to help out. Just create VuXML entries [1] [2] and
send them to freebsd-vuxml@xxxxxxxxxxx or secteam@xxxxxxxxxxx for
review and commit, or fix issues and send patches as PRs where
secteam is CC'ed.

--
Simon L. Nielsen
FreeBSD Deputy Security Officer
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


