On Thu, Aug 29, 2002 at 10:06:32PM +0200, Manuel Bouyer wrote:
> On Thu, Aug 29, 2002 at 04:01:07PM -0400, John Franklin wrote:
> > network sources.)  Similarly, does pkg_add take advantage of
> > audit-packages if present?  Say, you install a package from a CDROM
> > that's old and has a security advisory on it.  Pkg-add could allow it to
> > proceed (user selectable), but inform the user of the advisory via
> > audit-packages.
> 
> It's much, much better to run audit-packages from cron. Because the package
> isn't marked as vulnerable at pkg_add time doesn't mean it won't be a few
> days later.

I meant in addition to having it run via cron.  The CDROM you've
installed said binary package from may be many months old.  The
audit-packages db is less than 24hrs old.

jf
-- 
John Franklin
franklin@elfie.org
ICBM: 35°43'56"N 78°53'27"W