[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: audit-packages/download-vulnerability-list integration?
On Mon, Jul 14, 2008 at 07:04:18AM +0200, Bernd Ernesti wrote:
> On Mon, Jul 14, 2008 at 02:24:23AM +0200, Hubert Feyrer wrote:
> > Looking at -current: Now that audit-packages and
> > download-vulnerability-list are part of the base system, I think it would
> > be nice to offer hooks to run them nightly, e.g. via daily.conf(5) or
> > security.conf(5). I haven't seen any references there, though - can this
> > be added, is it intended that users add manual cronjobs, or what's the
> > idea here?
> This seems to be a topic for current-users, since you are talking about
> the base system.
> IMHO they should not be activated by default, if they will be added.
> Packages are optional and so it shouldn't run automatically since it
> requires an up to date vulnerability file and doing that is not a good
> idea. Think about systems which are not allowed to be modified or
> what if every new installation connects to a server for getting it at
> the same time. Or what if such systems have no packagea at all installed.
Of course that's possible, but I have a feeling that there are very few
systems out there that don't have at least one package installed. I agree
that it shouldn't on by default, but having a easy to flip config option
in daily.conf or security.conf would be nice. Hubert, are you offering
to write that?
Main Index |
Thread Index |