Subject: proposal: adding security-advisory variables to package makefiles.
To: None <>
From: Bill Sommerfeld <>
List: tech-pkg
Date: 09/11/2000 17:25:37
I'd like there two be two new optional package makefile variables:

INSECURE_BEFORE= <package-version>

   This declares that packages older than the specified package-version
   may contain known security holes and should be upgraded ASAP.


   This is intended to contain one or more URLs containing security
   advisories explaining why the INSECURE_BEFORE entry was added.

Intended usage:

 - Reduce the effort needed to generate netbsd-specific security
advisories for third-party packages.

 - Include information in the generated README.html

 - Can be used to generate a consolidated "advisory checker" list.

 - Allow for the creation of tools which download the most recent
package advisory list from a * server, check vs. installed
packages on a system, and email the system administrator suggesting
that upgrading the packages would be in order.

					- Bill