pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: HEADS UP: security/audit-packages removal

On Mon, 7 Jan 2008, Adrian Portelli wrote:

Hisashi T Fujinaka wrote:
I'm unclear on the whole thing. On my -current system, audit-packages
does nothing. Well, it does something but doesn't indicate anything.
What am I supposed to be doing to check my packages on -current?

Have a look at the MESSAGE from pkgsrc/pkgtools/pkg_install and see if
that answers any of your questions.  I'd point you to other sources on but I've just realised they are not fully up to date :<
I'll get on to updating them ASAP, but basically you:

* Run download-vulnerability-list from cron to get the updated list of
vulnerable packages (a.k.a pkg-vulnerabilities)
* Run audit-packages from cron to scan for installed vulnerable packages

Also, if you install a package, and the pkgsrc infrastructure detects
you have the pkg-vulnerabilities file, it will warn you if the package
you are trying to install has any known security issues.

I'm also sane and run "stable" versions of netbsd on several
"production" servers rather than -current. What do I use instead of

As I mentioned in my initial email all the functionality in
security/audit-packages is now in pkg_install.  Just make sure you have
a recent pkg_install package (i.e. post 20070714) and you will have all
the tools at your disposal.

Apparently something changed and I missed the notification, or perhaps
it was all decided on netbsd-core and the regular folks have no idea
what's going on. (Yes, this is yet another ignored complaint about
netbsd-core's opacity.)

The only real change that's gone on here is that security/audit-packages
has been replaced by tools in pkgtools/pkg_install.  With that
replacement has come extra functionality and improved performance.  So
basically is a case of "same job, different tools".  Nothing has been
hidden here and there are multiple emails to public lists and
announcements that detail this [1].  Also, all the tools have associated
man pages.




OK. Thanks for the info and the background!

Hisashi T Fujinaka -
BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte

Home | Main Index | Thread Index | Old Index