[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: install/46646: sysinst should configure fetch-pkg-vulnerabilities automatically if you choose to install pkgsrc
The following reply was made to PR install/46646; it has been noted by GNATS.
From: David Ross <dross%pobox.com@localhost>
To: <gnats-bugs%netbsd.org@localhost>, <install-manager%netbsd.org@localhost>,
Subject: RE: install/46646: sysinst should configure
fetch-pkg-vulnerabilities automatically if you choose to install pkgsrc
Date: Wed, 4 Jul 2012 19:23:27 -0700
A response I posted a little earlier today was mangled because I didn't sen=
d as a plain-text. My high level points:
- I agree that a sysinst menu option to enable vulnerability checking is a=
good compromise. This could be right under the new option that installs p=
- The benefit of the feature (to me) is that it tells you a package is vul=
nerable right when you try to build it.
- If this feature is implemented=2C it should set everything up so that th=
e vulnerability database is ready the first time you try to build a package=
. (Not just after 24 hours via a cron job.)
> From: gnrp%komkon2.de@localhost
> To: install-manager%netbsd.org@localhost=3B
> gnats-admin%netbsd.org@localhost=3B netbsd-bugs@n=
> Subject: Re: install/46646: sysinst should configure fetch-pkg-vulnerabil=
ities automatically if you choose to install pkgsrc
> Date: Wed=2C 4 Jul 2012 20:35:06 +0000
> The following reply was made to PR install/46646=3B it has been noted by =
> From: Julian Djamil Fagir <gnrp%komkon2.de@localhost>
> To: matthew green <mrg%eterna.com.au@localhost>=2C
> Subject: Re: install/46646: sysinst should configure
> fetch-pkg-vulnerabilities automatically if you choose to install pkgsrc
> Date: Wed=2C 4 Jul 2012 22:30:16 +0200
> Content-Type: text/plain=3B charset=3DUS-ASCII
> Content-Transfer-Encoding: quoted-printable
> > > For fetch-pkg-vulnerabilities to be useful in most scenarios the MTA
> > > must be set up=2C thus network being set up=2C etc=2C a long ist of
> > > dependencies. I would consider this fine-tuning rather than setup. An=
> > > think sysinst should stay minimal=2C with only a selected set of acti=
> > > be performed which are really needed for initial setup.
> > this is false.
> > it's useful for having pkgsrc tell you that the package you're
> > installing is vulnerable=2C which is extremely useful and good.
> > additionally=2C having it setup means the admin can manually run
> > the check. again=2C quite useful and good.
> ok=2C I mixed this up after reading the comment about daily.conf.
> > Regarding fetch_pkg_vulnerabilities=3D3DYES in daily.conf
> > I'm wondering if this will run immediately on the first boot. Otherwise
> > the user will likely just start building from pkgsrc right away without=
> > benefit of the vulnerability check. Looks like there was a previous
> > discussion of this:
> > http://mail-index.netbsd.org/tech-userlevel/2010/01/oindex.html
> > See "fetch_pkg_=3D3Dvulnerabilities enabled by default (was: CVS commit=
> > src/etc)"
> Yep=2C this should be different.
> I'm still not sure about this. Having something in sysinst (and especiall=
> doing it by default) makes it the new default for everyone using sysinst =
> installing pkgsrc.
> I agree with you it's useful=2C but where does usefulness stop?
> You might argue that mdnsd is not needed for setting up a new system (tbh=
> I've never even looked at it)=2C but it's exactly that kind of discussion=
> Especially having something periodic set up automatically is more critica=
> I'm not opposed to adding this feature to sysinst=2C but I would like to =
> discussion about what sysinst should be able to do and what kind of syste=
> finally sets up before adding more only useful features.
> If you tell me this is the official line and it should be done - ok=2C it=
> much work to implement that.
> Regards=2C Julian
> Content-Type: application/pgp-signature=3B name=3Dsignature.asc
> Content-Disposition: attachment=3B filename=3Dsignature.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (NetBSD)
> -----END PGP SIGNATURE-----
Main Index |
Thread Index |