NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2006-08

Re: Ports security [was: Ports/source dance]

From: Adrian Penisoara (adyfreebsd.ady.ro)
Date: Sat Aug 12 2006 - 06:48:10 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On 8/12/06, Simon L. Nielsen <simonfreebsd.org> wrote:
>
> >
> > What would the FreeBSD security officer say about this ?
>
> I was not on freebsd-isp, so I hadn't seen the start of this thread.
>
> Ports security issues should go to either freebsd-ports,
> freebsd-security, or directly to the FreeBSD Security Team at
> secteamFreeBSD.org, if you want to catch the attention of the
> Security Team.
>
> I don't currently see enough volume with regards to ports security
> issues to warrant a separate mailing list. I think using
> freebsd-security should be fine, and we can always create a new list
> if needed.
>
> With regards to a separate security team for ports, it has been
> discussed in the past, but so far hasn't been created mainly since it
> haven't been a problem for secteam members working on ports just being
> part of the "normal" secteam, while only/mostly working on ports
> issues.
>
> It would be very nice if more people helped out with the ports side of
> FreeBSD security, but when we had the last call for volunteers among
> committers there weren't a lot of people volunteering to help out with
> ports as part of the Security Team.
>
> That said, it's certainly no requirement to be a committer or to be
> part of secteam to help out. Just create VuXML entries [1] [2] and
> send them to freebsd-vuxmlFreeBSD.org or secteamFreeBSD.org for
> review and commit, or fix issues and send patches as PR's where
> secteam is CC'ed.

--
> Simon L. Nielsen
> FreeBSD Deputy Security Officer
>

Thanks for the well-written response. I think at least part of it should
make it into the FreeBSD Security Information page (
http://www.freebsd.org/security/ ) since currently there is just a simple
reference towards VuXML for ports security.

My 2cents,
Adrian Penisoara
Ady (freebsd.ady.ro, rofug.ro)
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]