Roland Illig wrote:
> Johnny C. Lam wrote:
>> Make check-vulnerable a source target for every phase of the build
>> workflow, which ensures that it is always run if the user starts a
>> new phase from the command line.
> 
> What's the rationale for this? The check-vulnerable target is pretty 
> time-consuming, and as long as you don't do a three-months break between 
> building a package and installing it, there's no benefit of it, is it?

This is the error that it catches... it is a partial guard against stale 
work directories, I think, although I'm working on a better set of 
checks for that at the moment.  I don't recall the exact reason, 
unfortunately.  I put this in because that was how pkgsrc behaved before 
I started refactoring it.  I'm open to only including it as a source 
target for "extract".

Note that check-vulnerable is only run once right now if you just type 
"make install" or even "make build install package", but is invoked 
twice if you do "make build && make install".

	Cheers,

	-- Johnny Lam <jlam@pkgsrc.org>