Subject: Re: pkg/19479: pkgsrc waits until package is built to check for security alert
To: Jeremy C. Reed <email@example.com>
From: John Franklin <firstname.lastname@example.org>
Date: 12/20/2002 22:18:41

On Fri, Dec 20, 2002 at 04:59:26PM -0800, Jeremy C. Reed wrote:
> On Fri, 20 Dec 2002 email@example.com wrote:
> > >Synopsis: pkgsrc waits until package is built to check for security
> > >alert
> > >How-To-Repeat:
> > cd /usr/pkgsrc
> > cvs update -r netbsd-1-5-PATCH003
> You requested the old (non-updated) version.

Updated binary packages aren't available on ftp.netbsd.org for 1.5.3,
which means I have to build them myself.

The pkgsrc-current makefiles don't work without some new .mk files or
the -current make and possibly the rest of the toolchain. I'm not sure
which, and when I'm running a production system looking for updated
packages to fix security holes, I'm not interested in debugging it.

> > cd www/w3m
> > make install
> > >Fix:
> > Add checks early on in the make process that a package has a security
> > alert issued for it.
> Are you talking about audit-packages?
> Are you suggesting checking the vulnerabilities list at beginning of the
> make? That does sound like an okay idea (if audit-packages is installed).

Yes, and yes.

ICBM: 35°43'56"N 78°53'27"W
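
The check requested in this thread, run before any fetch or build step, sketched as an added example that is not part of the original message and is not pkgsrc or audit-packages code. Assumptions: the vulnerability list has one "pattern type URL" entry per line, only `<` and `<=` version bounds are handled, versions are dotted numbers, and the helper names `ver_lt` and `vuln_check` are hypothetical.

```shell
# Added example: gate a build on a vulnerability list (hypothetical helpers).

# ver_lt A B: succeed if dotted version A sorts strictly before B.
# Assumption: numeric fields only; missing fields count as 0.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# vuln_check NAME-VERSION LISTFILE: report matching entries on stderr,
# return 1 if any entry matches, 0 if the package is clean.
vuln_check() {
    pkg=${1%-*}; ver=${1##*-}; found=0
    while read -r pattern type url; do
        match=0
        case $pattern in
            "$pkg<="*) ver_lt "${pattern#*<=}" "$ver" || match=1 ;;
            "$pkg<"*)  ver_lt "$ver" "${pattern#*<}" && match=1 ;;
        esac
        if [ "$match" -eq 1 ]; then
            echo "VULNERABLE: $1 ($type) see $url" >&2
            found=1
        fi
    done < "$2"
    return "$found"
}

# Constructed sample list; package names, bounds and URLs are made up.
list=$(mktemp)
trap 'rm -f "$list"' EXIT
cat > "$list" <<'EOF'
# pattern type URL
examplepkg<1.4.2 remote-code-execution https://example.org/advisory-1
otherpkg<=2.0 denial-of-service https://example.org/advisory-2
EOF

# Run the check first; only fetch and build when it returns 0.
vuln_check examplepkg-1.4.1 "$list" || echo "stopping before fetch/build"
```
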