On 11 June 2015 at 06:47, Matthew Seaman matt...@freebsd.org wrote:
On 11/06/2015 09:15, Mark Linimon wrote:
On Wed, Jun 10, 2015 at 11:45:29PM -0600, Janky Jay, III wrote:
Hrm... Numerous inquiries regarding this and no response is somewhat
disappointing.
This is not an excuse, but a number
On 11/06/2015 09:15, Mark Linimon wrote:
On Wed, Jun 10, 2015 at 11:45:29PM -0600, Janky Jay, III wrote:
Hrm... Numerous inquiries regarding this and no response is somewhat
disappointing.
This is not an excuse, but a number of us are at BSDCan and distracted.
There have been discussions
On Wed, Jun 10, 2015 at 11:45:29PM -0600, Janky Jay, III wrote:
Hrm... Numerous inquiries regarding this and no response is somewhat
disappointing.
This is not an excuse, but a number of us are at BSDCan and distracted.
There have been discussions about how to solve the larger ports security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hrm... Numerous inquiries regarding this and no response is somewhat
disappointing. If anyone gets any feedback from anywhere else, please
update the rest of us (BSDCan contacts/update included... I can't make
it... :( )
Regards,
Janky Jay, III
On
On Fri, May 29, 2015 at 5:15 PM, Robert Simmons rsimmo...@gmail.com wrote:
Crickets.
May I ask again:
How do we find out who the members of the Ports Secteam are?
How do we join the team?
Anyone?
On Thu, May 28, 2015 at 12:47 PM, Bryan Drewery bdrew...@freebsd.org
wrote:
I think
On Mon, Jun 8, 2015, at 15:55, Roger Marquis wrote:
On Fri, May 29, 2015 at 5:15 PM, Robert Simmons rsimmo...@gmail.com wrote:
Crickets.
May I ask again:
How do we find out who the members of the Ports Secteam are?
How do we join the team?
Anyone?
I really hope this can
On Fri, May 29, 2015 at 5:15 PM, Robert Simmons rsimmo...@gmail.com wrote:
On Thu, May 28, 2015 at 12:47 PM, Bryan Drewery bdrew...@freebsd.org wrote:
I think the VUXML database needs to be simpler to contribute to. Only a
handful of committers feel comfortable touching the file. We have also
On 29 May, Robert Simmons wrote:
On Thu, May 28, 2015 at 12:47 PM, Bryan Drewery bdrew...@freebsd.org wrote:
I think the VUXML database needs to be simpler to contribute to. Only a
handful of committers feel comfortable touching the file. We have also
had the wrong pervasive mentality by
On 28 May 2015 at 17:47, Bryan Drewery bdrew...@freebsd.org wrote:
I think the VUXML database needs to be simpler to contribute to. Only a
handful of committers feel comfortable touching the file. We have also
had the wrong pervasive mentality by committers and users that the vuxml
database
On Thu, May 28, 2015 at 12:47 PM, Bryan Drewery bdrew...@freebsd.org wrote:
I think the VUXML database needs to be simpler to contribute to. Only a
handful of committers feel comfortable touching the file. We have also
had the wrong pervasive mentality by committers and users that the vuxml
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/28/2015 11:31 AM, Mark Felder wrote:
On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote:
Personally I agree on all points. Our ports security regime is not
working.
I already communicated further with Roger off-list, but would like to
On 5/28/2015 12:16 PM, Mark Felder wrote:
On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote:
I think the VUXML database needs to be simpler to contribute to. Only a
handful of committers feel comfortable touching the file.
We could use a very friendly user-facing form that they can
On Thu, May 28, 2015, at 11:57, Bryan Drewery wrote:
On 5/28/2015 11:47 AM, Bryan Drewery wrote:
On 5/27/2015 12:40 PM, Roger Marquis wrote:
...
This php one came up in the week and I almost
just fixed it, but doing those things burns me out as I have my own
priorities.
Once of
On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote:
Personally I agree on all points. Our ports security regime is not
working.
I already communicated further with Roger off-list, but would like to
point out that I *do* think there is a problem, but I don't think it's
the sky is falling /
On Thu, May 28, 2015, at 11:47, Bryan Drewery wrote:
I think the VUXML database needs to be simpler to contribute to. Only a
handful of committers feel comfortable touching the file.
We could use a very friendly user-facing form that they can fill out to
create a valid vuxml entry. And then
On 5/27/2015 12:40 PM, Roger Marquis wrote:
If you find a vulnerability such as a new CVE or mailing list
announcement please send it to the port maintainer and
ports-sect...@freebsd.org as quickly as possible. They are whoefully
understaffed and need our help.
Mark Felder wrote:
Who is
On 5/28/2015 11:47 AM, Bryan Drewery wrote:
On 5/27/2015 12:40 PM, Roger Marquis wrote:
...
This php one came up in the week and I almost
just fixed it, but doing those things burns me out as I have my own
priorities.
Once of which is maintaining the package builders for FreeBSD.org. On
the
If you find a vulnerability such as a new CVE or mailing list
announcement please send it to the port maintainer and
ports-sect...@freebsd.org as quickly as possible. They are whoefully
understaffed and need our help.
Mark Felder wrote:
Who is ports-secteam?
It was Xin Li who alerted me to
On Wed, May 27, 2015, at 12:40, Roger Marquis wrote:
* perhaps as a result the vuln.xml database is no longer reliable, and
by extension,
* operators of FreeBSD servers (unlike Debian, Ubuntu, RedHat, Suse and
OpenBSD server operators) have no assurance that their systems are
I found the ports security reporting without issues
http://www.freebsd.org/security/reporting.html. Appears someone should
read reporting page Instead of saying information is not correct.
On May 27, 2015 12:40 PM, Roger Marquis marq...@roble.com wrote:
If you find a vulnerability such as a new
* operators of FreeBSD servers (unlike Debian, Ubuntu, RedHat, Suse and
OpenBSD server operators) have no assurance that their systems are
secure.
Slow down here for a second. Where's the command-line tool on RedHat or
Debian that lists only the known vulnerable packages?
In RedHat
Mark Felder wrote:
Who is ports-secteam?
It was Xin Li who alerted me to the ports-sect...@freebsd.org address
i.e., as being distinct from the FreeBSD Security Team
(sect...@freebsd.org) address noted on
https://www.freebsd.org/security/.
Also have to thank Remko Lodder for pointing out
On Sat, May 23, 2015, at 10:30, Roger Marquis wrote:
If you find a vulnerability such as a new CVE or mailing list
announcement please send it to the port maintainer and
ports-sect...@freebsd.org as quickly as possible. They are whoefully
understaffed and need our help.
Who is
On Sun, May 24, 2015 at 12:53 AM, Xin Li delp...@delphij.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
On 5/23/15 09:14, Jason Unovitch wrote:
On Sat, May 23, 2015 at 11:30 AM, Roger Marquis marq...@roble.com
wrote:
If you find a vulnerability such as a new CVE or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
On 5/23/15 09:14, Jason Unovitch wrote:
On Sat, May 23, 2015 at 11:30 AM, Roger Marquis marq...@roble.com
wrote:
If you find a vulnerability such as a new CVE or mailing list
announcement please send it to the port maintainer and
Please send these things to ports-sect...@freebsd.org so that they
can have a look at these please.
Thanks,
Remko
On 23 May 2015, at 17:30, Roger Marquis marq...@roble.com wrote:
FYI regarding these new and significant failures of FreeBSD security
policy and procedures.
PHP55
On Sat, May 23, 2015 at 11:30 AM, Roger Marquis marq...@roble.com wrote:
If you find a vulnerability such as a new CVE or mailing list
announcement please send it to the port maintainer and
ports-sect...@freebsd.org as quickly as possible. They are whoefully
understaffed and need our help.
FYI regarding these new and significant failures of FreeBSD security
policy and procedures.
PHP55 vulnerabilities announced over a week ago
https://www.dotdeb.org/2015/05/22/php-5-5-25-for-wheezy/) have still
not been ported to lang/php55. You can, however, edit the Makefile,
increment the
Is it enough to only update php55?
I could create a patch with relative easyness in that case.
2015-05-23 17:30 GMT+02:00 Roger Marquis marq...@roble.com:
FYI regarding these new and significant failures of FreeBSD security
policy and procedures.
PHP55 vulnerabilities announced over a week
29 matches
Mail list logo