Page MenuHomeFreeBSD
Differential D1904

address bug 197312
ClosedPublic
Actions

Authored by jgh on Feb 19 2015, 9:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Apr 5, 1:36 AM
Unknown Object (File)
Fri, Mar 14, 1:05 AM
Unknown Object (File)
Mar 11 2025, 10:09 AM
Unknown Object (File)
Mar 6 2025, 4:02 AM
Unknown Object (File)
Mar 4 2025, 12:09 PM
Unknown Object (File)
Feb 7 2025, 11:40 PM
Unknown Object (File)
Feb 1 2025, 1:25 PM
Unknown Object (File)
Dec 16 2024, 1:51 PM
View All 70 Files
Subscribers
None

Details

Reviewers
bjk
wblock
remko
bcr
Summary

bug

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

jgh updated this revision to Diff 3860.Feb 19 2015, 9:27 PM
jgh retitled this revision from to address bug 197312.
jgh updated this object.
jgh edited the test plan for this revision. (Show Details)
jgh added reviewers: bcr, remko, wblock.
jgh set the repository for this revision to rD FreeBSD doc repository - subversion.
wblock edited edge metadata.Feb 20 2015, 1:49 AM

This can be rearranged to be imperative. (Shown without wrapping, and note capitalization in Ports Collection.)

Report security issues specific to the FreeBSD Ports Collection to the <a href="mailto:secteam@FreeBSD.org">FreeBSD Ports Security Team</a>.

(Is that the right email address?)

jgh updated this revision to Diff 3867.Feb 20 2015, 8:27 AM
jgh edited edge metadata.

updated content and double-checked email address.
I am on the ports security team.

jgh added a comment.Feb 20 2015, 8:29 AM

my apologies for the two files... it is the same path, I just did the diff at a different level

bcr added a reviewer: bjk.Feb 21 2015, 3:53 PM

Keep Ben in the loop as he has commented on the bug before (although on a different issue).

bjk edited edge metadata.Feb 22 2015, 10:05 PM

The context just before this starts off

<p>All FreeBSD security issues should be reported to the <a
    href="mailto:secteam@FreeBSD.org">FreeBSD Security Team</a>
  or, if a higher level of confidentiality is required, PGP

This proposed addition makes the "All" no longer quite right. Given that the extra context does allow the possibility of non-encrypted mail, I will not make a blocking objection based on the non-existence of a ports-secteam PGP key; however, I will note that the proposed new text gives no guidance on what should be done when reporting an issue specific to the Ports Collection (note, capital 'C', I think) that does require a higher level of confidentiality. If we're going to touch this text, I think it would be useful to say what to do in that case.

wblock added inline comments.Feb 26 2015, 10:23 PM
htdocs/security/reporting.xml
39

(I think this is the correct version to mark up. It would probably be best to always generate these relative to the root directory of the doc checkout.)

This reads better as "should contain at least:".

bcr added a comment.Mar 18 2015, 11:34 AM

ping?

jgh updated this revision to Diff 4424.Mar 25 2015, 9:50 PM
jgh edited edge metadata.

updated diff to address issue

wblock added inline comments.Mar 25 2015, 11:13 PM
htdocs/security/reporting.xml
17

Switch "at least" and "contain":

All reports should contain at least:

jgh updated this revision to Diff 4425.Mar 25 2015, 11:25 PM

addressed comment

wblock accepted this revision.Mar 26 2015, 1:07 AM
wblock edited edge metadata.
This revision is now accepted and ready to land.Mar 26 2015, 1:07 AM
jgh closed this revision.Mar 26 2015, 2:19 AM

Revision Contents
Changeset List

PathSize
htdocs/
security/
11 lines

Diff 4424

View Options

htdocs/security/reporting.xml

Context not available.
<a name="how"></a> <a name="how"></a>
<h2>How and where to report a FreeBSD security issue</h2> <h2>How and where to report a FreeBSD security issue</h2>
<p>All FreeBSD security issues should be reported to the <a <p>FreeBSD security issues specific to the Operating System
should be reported to the <a
href="mailto:secteam@FreeBSD.org">FreeBSD Security Team</a> href="mailto:secteam@FreeBSD.org">FreeBSD Security Team</a>
or, if a higher level of confidentiality is required, PGP or, if a higher level of confidentiality is required, PGP
encrypted to the <a encrypted to the <a
href="mailto:security-officer@FreeBSD.org">Security Officer href="mailto:security-officer@FreeBSD.org">Security Officer
Team</a> using the <a href="so_public_key.asc">Security Team</a> using the <a href="so_public_key.asc">Security
Officer PGP key</a>. All reports should at least contain:</p> Officer PGP key</a>.</p>
<p>FreeBSD security issues specific to the Ports Collection should
wblockUnsubmitted
Not Done
Inline Actions

(I think this is the correct version to mark up. It would probably be best to always generate these relative to the root directory of the doc checkout.)

This reads better as "should contain at least:".

wblock: (I think this is the correct version to mark up. It would probably be best to always generate…
be reported to the <a href="mailto:ports-secteam@FreeBSD.org">
FreeBSD Ports Security Team</a>.</p>
<p>All reports should at least contain:</p>
<ul> <ul>
<li>A description of the vulnerability.</li> <li>A description of the vulnerability.</li>
<li>What versions of FreeBSD seem to be affected if possible.</li> <li>What versions of FreeBSD seem to be affected if possible.</li>
Context not available.