NetBSD-Users archive


Re: pkgsrc binary packages security with pkgin



Ottavio Caruso writes:
> [...]
> I believe there's an internal pkgsrc security mailing list to which 
> users have no access (I could be wrong), so I don't really know how this 
> auditing really works.
>
> One can always "pkg_admin fetch-pkg-vulnerabilities && pkg_admin audit".
> [...]

pkgsrc-security@ is a team; usually there isn't much traffic on it, and
the most private information that occurs is on an internal RT
ticket system to track tickets, which then ends up in the
pkg-vulnerabilities file.

However, this is mostly unrelated to signing binary packages (we manually
sign the pkg-vulnerabilities file but that's unrelated).

