Subject: Re: vulnerabilities report..
To: None <>
From: Hubert Feyrer <>
List: tech-pkg
Date: 11/22/2000 07:21:00
On Tue, 21 Nov 2000, Alistair Crooks wrote:
> The show-vulnerabilities target is not meant to be run directly, although
> you can still do it if you want. You are meant to run the audit-packages
> script. The show-vulnerabilities target is run automatically at the end of
> the fake-pkg target to check that the package you have just installed has
> any known exploits. You could add some text to Packages.txt if you want, but
> I'd prefer it if you didn't, since that would only encourage people to use
> what's meant to be an internal target.

Hum, shouldn't it be the person who implemented something that documents
it? I start to get a little bit fed up to run after people documenting
their stuff. Esp. when I wake up at 7am...

Obviously what that person should do is:

1. Hint at the "auddit-packages" package and it's scripts in the output
   of the show-vulnerabilities target. 
2. Add some text to section #9 of Packages.txt (or add a section #4 in
   the "User's Guide" part that contains FAQs, just as in the "Package
   Constructor's Guide"). 

 - Hubert

Hubert Feyrer <>