Page MenuHomeFreeBSD

address bug 197312
ClosedPublic

Authored by jgh on Feb 19 2015, 9:27 PM.

Details

Summary

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

jgh updated this revision to Diff 3860.Feb 19 2015, 9:27 PM
jgh retitled this revision from to address bug 197312.
jgh updated this object.
jgh edited the test plan for this revision. (Show Details)
jgh added reviewers: bcr, remko, wblock.
jgh set the repository for this revision to rD FreeBSD doc repository.
wblock edited edge metadata.Feb 20 2015, 1:49 AM

This can be rearranged to be imperative. (Shown without wrapping, and note capitalization in Ports Collection.)

Report security issues specific to the FreeBSD Ports Collection to the <a href="mailto:secteam@FreeBSD.org">FreeBSD Ports Security Team</a>.

(Is that the right email address?)

jgh updated this revision to Diff 3867.Feb 20 2015, 8:27 AM
jgh edited edge metadata.

updated content and double-checked email address.
I am on the ports security team.

jgh added a comment.Feb 20 2015, 8:29 AM

my apologies for the two files... it is the same path, I just did the diff at a different level

bcr added a reviewer: bjk.Feb 21 2015, 3:53 PM

Keep Ben in the loop as he has commented on the bug before (although on a different issue).

bjk edited edge metadata.Feb 22 2015, 10:05 PM

The context just before this starts off

<p>All FreeBSD security issues should be reported to the <a
    href="mailto:secteam@FreeBSD.org">FreeBSD Security Team</a>
  or, if a higher level of confidentiality is required, PGP

This proposed addition makes the "All" no longer quite right. Given that the extra context does allow the possibility of non-encrypted mail, I will not make a blocking objection based on the non-existence of a ports-secteam PGP key; however, I will note that the proposed new text gives no guidance on what should be done when reporting an issue specific to the Ports Collection (note, capital 'C', I think) that does require a higher level of confidentiality. If we're going to touch this text, I think it would be useful to say what to do in that case.

wblock added inline comments.Feb 26 2015, 10:23 PM
htdocs/security/reporting.xml
39

(I think this is the correct version to mark up. It would probably be best to always generate these relative to the root directory of the doc checkout.)

This reads better as "should contain at least:".

jgh updated this revision to Diff 4424.Mar 25 2015, 9:50 PM
jgh edited edge metadata.

updated diff to address issue

wblock added inline comments.Mar 25 2015, 11:13 PM
htdocs/security/reporting.xml
17

Switch "at least" and "contain":

All reports should contain at least:

jgh updated this revision to Diff 4425.Mar 25 2015, 11:25 PM

addressed comment

wblock accepted this revision.Mar 26 2015, 1:07 AM
wblock edited edge metadata.
This revision is now accepted and ready to land.Mar 26 2015, 1:07 AM
jgh closed this revision.Mar 26 2015, 2:19 AM