Board: FB_security
Title: Re: What's our current policy on ports FORBIDDEN knob?
Posted from: NCTU CSIE FreeBSD Server (Sun May 2 19:20:04 2004)
Relay path: ptt!FreeBSD.csie.NCTU!not-for-mail

On Mon, May 03, 2004 at 01:29:10AM +0800, Xin LI wrote:
> Greetings,
>
> I'm a little curious about the way FORBIDDEN knob is used in ports system.
> Traditionally, we use it to mark a port which has a known security issue,
> with the new vuxml mechanism, are we still doing the same thing when
> necessary? Or, only the "critical" ones, for example, remote exploitable
> buffer overruns, etc?
>
> If the second assumption (only critical ones are marked FORBIDDEN)
> is true, then what's our criteria of what should be marked FORBIDDEN
> or not? Say, how serious a bug should be before a port is marked
> FORBIDDEN?
>
> Someone who knows about these things please clarify this. Thanks in advance!

The VuXML document is used to record practically all security issues,
large or small.

FORBIDDEN is more subjective. Personally, I mark a port FORBIDDEN if
I believe it presents immediate danger to users.

Cheers,
--
Jacques Vidrine