[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: HEADS UP: security/audit-packages removal
I don't see what the problem is with removing security/audit-packages.
Removing the security/audit-packages from pkgsrc doesn't remove the
package from the user's system.
And if the user doesn't already use it, it doesn't matter.
If they choose to use someday, then they can choose to update their
pkg_install (if they still don't have it).
As for the vulnerabilities database itself, maybe it should be maintained
for a couple quarters.
Also once we choose end-of-life for the package and the database, the
pkg-vulnerabilities file itself should be updated with a new
audit-packages entry to point to it.
Or maybe keep the audit-packages for more quarters but have it fail to
build because of the audit-packages entry (which will inform those who
already have it) and add some custom variable also to inform others (can't
install without setting it).
Main Index |
Thread Index |