Re: HEADS UP: security/audit-packages removal
Jeremy C. Reed wrote:
> On Fri, 11 Jan 2008, Adrian Portelli wrote:
>
>> Ok, I'll remove security/audit-packages on Sunday and bump PKGTOOLS_REQD.
>
> And add a note to the vulnerabilities database about it?

No. There will be no note initially as it will be supported at least
until 2008Q1 is cut. When we stop updating it or a little before we
will add an entry telling users it's being killed and point them to
installing a newer pkg_install.

> I don't understand the PKGTOOLS_REQD bump at this time.
> Even if you remove security/audit-packages, I don't see how that will
> cause problems for the near future (as long as we provide the
> vulnerabilities database compatible with it).
>
> If someone wants to install audit-packages, they can choose to install
> pkg_install. And if they already have audit-packages why are they required
> to update pkg_install?

Well for a start the newer pkg_install conflicts with audit-packages as
they both install audit-packages files. So it's not actually possible
to have a newer pkg_install and audit-packages package on a system at
the same time.

> Why is bumping PKGTOOLS_REQD required? Maybe that should not be bumped
> until the old vulnerabilities database is no longer updated.

The concern voiced was that we are taking something away (i.e.
security/audit-packages) so we should clearly define an easy upgrade
path. By bumping PKGTOOLS_REQD users can upgrade and get the same
level of functionality they did when they had security/audit-packages
installed. As an added bonus it makes it easier for pkgsrc users to use
it as they will have all the tools they need when pkg_install is updated.
 Technically this will require a 'pkg_delete audit-packages' first