Re: audit-packages/download-vulnerability-list integration?

[Eric Haszlakiewicz <erh%nimenees.com@localhost>]

On Mon, Jul 14, 2008 at 07:04:18AM +0200, Bernd Ernesti wrote:
> On Mon, Jul 14, 2008 at 02:24:23AM +0200, Hubert Feyrer wrote:
> > 
> > Looking at -current: Now that audit-packages and 
> > download-vulnerability-list are part of the base system, I think it would 
> > be nice to offer hooks to run them nightly, e.g. via daily.conf(5) or 
> > security.conf(5). I haven't seen any references there, though - can this 
> > be added, is it intended that users add manual cronjobs, or what's the 
> > idea here?
> 
> This seems to be a topic for current-users, since you are talking about
> the base system.
> IMHO they should not be activated by default, if they will be added.
> 
> Packages are optional and so it shouldn't run automatically since it
> requires an up to date vulnerability file and doing that is not a good
> idea. Think about systems which are not allowed to be modified or
> what if every new installation connects to a server for getting it at
> the same time. Or what if such systems have no packagea at all installed.

Of course that's possible, but I have a feeling that there are very few
systems out there that don't have at least one package installed.  I agree
that it shouldn't on by default, but having a easy to flip config option
in daily.conf or security.conf would be nice.  Hubert, are you offering
to write that?

eric