
Suggest port maintainers submit bugs for VuXML updates.
Needs Review, Public

Authored by pauamma_gundo.com on Oct 23 2022, 12:52 AM.
Tags
None

Details

Summary

While there, add a missing word nearby.

Test Plan

make all

Eyeball lynx output

Diff Detail

Repository: R9 FreeBSD doc repository
Lint: No Lint Coverage
Unit: No Test Coverage
Build Status: Buildable 50161 (Build 47053: arc lint + arc unit)

Event Timeline

pauamma_gundo.com created this revision.

Anything I should do to move this along?

Side note: in a different chapter (out of scope for this review) there is, again, misuse of the phrase Security Officer Team.

https://docs.freebsd.org/en/books/porters-handbook/book/#makefile-maintainer

documentation/content/en/books/porters-handbook/security/_index.adoc
101–102

The order of words is strange (for example, as early after a security vulnerability is discovered as possible).

Also, re: discovery, port users should be notified only if a vulnerability is already publicly disclosed.

108–109

Security Officer is not a team.

Also, conciseness.

110–111

Security Officer is not a team.

111

Do you mean, a bug report with a summary line something like what's below?

security/vuxml: create an entry for category/portname

111–113

Security Officer is not a team.

If a bug report involves a publicly-disclosed vulnerability for which there's not yet a VuXML entry, then the report should have:

  • ports-secteam@ amongst CC recipients
  • keyword security
  • flag merge-quarterly set to ?
  • priority maximised, to Normal
  • severity maximised, to Affects Many People.

Also: why do we encourage addressing the Security Team, or Security Officer, without mentioning the (more relevant) Ports Security Team?

Good questions all. Waiting for a ports secteam member to address them so I can revise this usefully.

In D37094#866667, @pauamma wrote:

Good questions all. Waiting for a ports secteam member to address them so I can revise this usefully.

ping ports secteam

In D37094#882796, @pauamma wrote:
In D37094#866667, @pauamma wrote:

Good questions all. Waiting for a ports secteam member to address them so I can revise this usefully.

ping ports secteam

Will take a look, thanks for the reminder.

riggs requested changes to this revision. Tue, Feb 28, 8:12 AM
riggs added inline comments.
documentation/content/en/books/porters-handbook/security/_index.adoc
108–109

Generally, here and all the other places in the doc: I'd mention both the Security Team (#t-secteam) and Ports Security Team (#t-ports-secteam). Our vuxml page (https://vuxml.freebsd.org/freebsd/index.html) contains both base system and ports vulnerabilities.
While the project admin page says that the Security Team is looking after src and ports, it also says the Ports Security Team is focused on ports, hence it will look after security/vuxml in the ports tree (and is the official maintainer of this port as per security/vuxml/Makefile).
So I'd contact ports-secteam@ first when there is something about security/vuxml that needs to be resolved.

This revision now requires changes to proceed. Tue, Feb 28, 8:12 AM

Updated patch to follow after it finishes building and I look it over.

documentation/content/en/books/porters-handbook/security/_index.adoc
101–102

Agreed to both, but out of scope.

108–109

Do you mean mention both where either is mentioned? Otherwise there's only here, unless I missed something.

111

Yes.

pauamma_gundo.com marked an inline comment as done.
  • Address edit comments by riggs and grahamperrin