On 11/04/2021 21:49, Gian Piero Carrubba wrote:
* [Sun, Apr 11, 2021 at 09:36:05PM +0200] Miroslav Lachman:
On 11/04/2021 21:21, Gian Piero Carrubba wrote:
CCing ports-secteam@ as it seems a more appropriate recipient.
Vulnerabilities in base should be handled by core secteam, not ports
secteam.
The maintainer address for vuxml is ports-secteam@, so my impression is
that entries in vuxml, regardless if they affect base or ports, are
managed by them. Am I wrong?
Because there are entries mainly for ports and vuxml is port too. But
the responsible side for vulnerabilities in base is Security Officer
Team. They are publishing SAs, they should create and submit entries to
vuxml. They are almost always lacking behind, sometimes for months. I
tried created patches with entries in the past because I am the author
of base-audit script and maintainer of the port but then it was waiting
for a long time to have it confirmed by Security Officer Team.
I fought with this many times.
Responsibilities of the FreeBSD Ports Security Team
https://wiki.freebsd.org/ports-secteam
Kind regards
Miroslav Lachman
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
