On 5/17/2015 4:02 PM, Roger Marquis wrote:
> Does anyone know what's going on with vuln.xml updates? Over the last
> few weeks and months CVEs and application mailing lists have announced
> vulnerabilities for several ports that in some cases only showed up in
> vuln.xml after several days and in other cases are still not listed
> (despite email to the security team).
>
> Is there a URL outlining the policies and procedures of vuln.xml
> maintenance?
>

ports-secteam@ owns this file, not secteam at .

The team needs more help.
Would you like to volunteer to submit vuxml updates? Many contributors,
and committers, feel the file is not easy to contribute to.

Regards,
Bryan Drewery

> ports-secteam@ owns this file, not secteam at .

Thanks for the pointer Bryan. I would hope that port vulnerability emails are forwarded from secteam@ to ports-secteam@, by policy, as the freebsd.org website is not clear on this. Either way at least I/we now know the right address/es.

> The team needs more help.
> Would you like to volunteer to submit vuxml updates? Many contributors,
> and committers, feel the file is not easy to contribute to.

I have been submitting ports vulnerability updates and will continue to do so (now to ports-secteam@). If there are any open seats on ports-secteam I would like to contribute on that level as well.

Still interested in the team's policies and procedures, if those are online somewhere.

Roger Marquis