Re: Ports security [was: Ports/source dance]

Hi,

On 8/12/06, Simon L. Nielsen <simon@xxxxxxxxxxx> wrote:

>
> What would the FreeBSD security officer say about this ?

I was not on freebsd-isp, so I hadn't seen the start of this thread.

Ports security issues should go to either freebsd-ports@,
freebsd-security@, or directly to the FreeBSD Security Team at
secteam@xxxxxxxxxxx, if you want to catch the attention of the
Security Team.

I don't currently see enough volume with regards to ports security
issues to warrant a separate mailing list. I think using
freebsd-security@ should be fine, and we can always create a new list
if needed.

With regards to a separate security team for ports, it has been
discussed in the past, but so far hasn't been created mainly since it
haven't been a problem for secteam members working on ports just being
part of the "normal" secteam, while only/mostly working on ports
issues.

It would be very nice if more people helped out with the ports side of
FreeBSD security, but when we had the last call for volunteers among
committers there weren't a lot of people volunteering to help out with
ports as part of the Security Team.

That said, it's certainly no requirement to be a committer or to be
part of secteam to help out. Just create VuXML entries [1] [2] and
send them to freebsd-vuxml@xxxxxxxxxxx or secteam@xxxxxxxxxxx for
review and commit, or fix issues and send patches as PR's where
secteam is CC'ed.

--
Simon L. Nielsen
FreeBSD Deputy Security Officer



Thanks for the well-written response. I think at least part of it should
make it into the FreeBSD Security Information page (
http://www.freebsd.org/security/ ) since currently there is just a simple
reference towards VuXML for ports security.

My 2cents,
Adrian Penisoara
Ady (@freebsd.ady.ro, @rofug.ro)
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • FW: [Full-Disclosure] FreeBSD Security Notice FreeBSD-SN-03:01
    ... Subject: FreeBSD Security Notice FreeBSD-SN-03:01 ... Several ports in the FreeBSD Ports Collection are affected by security ... The listed vulnerabilities are not specific to FreeBSD unless ...
    (Full-Disclosure)
  • RE: PAWS security vulnerability
    ... FreeBSD security list" isn't grammatically correct. ... "I told you to post the patch and info to the appropriate FreeBSD security ... "...This point and others are often discussed on the mailing lists, ...
    (freebsd-questions)
  • [Full-Disclosure] FreeBSD Security Notice FreeBSD-SN-03:01
    ... Several ports in the FreeBSD Ports Collection are affected by security ... All versions given refer to the FreeBSD port/package version numbers. ... Some or all of the vulnerabilities affecting Samba may also affect ...
    (Full-Disclosure)
  • RE: Re: FreeBSD Security Survey
    ... FreeBSD has proven ... likely would reduce security issues exponentially. ... The survey is a great idea. ... While I find ports to be the single most useful feature of the FreeBSD ...
    (freebsd-stable)
  • RE: Re: FreeBSD Security Survey
    ... FreeBSD has proven ... likely would reduce security issues exponentially. ... The survey is a great idea. ... While I find ports to be the single most useful feature of the FreeBSD ...
    (FreeBSD-Security)