Subject: Re: pkg_add mozilla ...?
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: John Franklin <franklin@elfie.org>
List: port-i386
Date: 08/29/2002 16:14:51
On Thu, Aug 29, 2002 at 10:06:32PM +0200, Manuel Bouyer wrote:
> On Thu, Aug 29, 2002 at 04:01:07PM -0400, John Franklin wrote:
> > network sources.) Similarly, does pkg_add take advantage of
> > audit-packages if present? Say, you install a package from a CDROM
> > that's old and has a security advisory on it. Pkg-add could allow it to
> > proceed (user selectable), but inform the user of the advisory via
> > audit-packages.
>
> It's much, much better to run audit-packages from cron. Because the package
> isn't marked as vulnerable at pkg_add time doesn't mean it won't be a few
> days later.
I meant in addition to having it run via cron. The CDROM you've
installed said binary package from may be many months old. The
audit-packages db is less than 24hrs old.
jf
--
John Franklin
franklin@elfie.org
ICBM: 35°43'56"N 78°53'27"W