pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: HEADS UP: security/audit-packages removal

I don't see what the problem is with removing security/audit-packages.

Removing the security/audit-packages from pkgsrc doesn't remove the 
package from the user's system.

And if the user doesn't already use it, it doesn't matter.

If they choose to use someday, then they can choose to update their 
pkg_install (if they still don't have it).

As for the vulnerabilities database itself, maybe it should be maintained 
for a couple quarters.

Also once we choose end-of-life for the package and the database, the 
pkg-vulnerabilities file itself should be updated with a new 
audit-packages entry to point to it.

Or maybe keep the audit-packages for more quarters but have it fail to 
build because of the audit-packages entry (which will inform those who 
already have it) and add some custom variable also to inform others (can't 
install without setting it).

Home | Main Index | Thread Index | Old Index