NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Allow_vulnerable_packages= yes

Edgar Rodolfo <> writes:

> Then i put in /usr/pkgsrc/mk/default/mk.conf
> is a risk it?, if i don't put it i can't use squid and other packages
> :(, currently i am using my small  server (squid and dns and other)

Basically the situation is:

  almost all software has vulnerabilities

  some of those are known

  some of the known ones are known publically

  some of the publically known ones are listed in pkg-vulnerabilities

  pkgsrc, by default, will not build (and perhaps not install) packages
  which have a vulnerability listed in pkg-vulnerabilities

  if you set ALLOW_VULNERABLE_PACKAGES=yes, then the check/stop for
  packages in pkg-vulnerabilities is skipped.

So "is it a risk" is a question about your particularly situation and
the particular programs you are running, and there is no general
answer.  Your choices are:

  1) figure out how to stop using php and squid

  2) install the new version anyway (perhaps figuring that replacing an
  older version with a newer version is not incrementally worse, usually)

  3) go read the advistory and figure out if ther's a new version and/or a
  patch, and install that.  Optionally send a patch to the package to
  help others out

  4) turn off your computer until someone else does (3)

Attachment: pgpeyMwW7J9HD.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index