Subject: Re: pkg/19479: pkgsrc waits until package is built to check for security alert
To: John Franklin <email@example.com>
From: Alistair Crooks <firstname.lastname@example.org>
Date: 12/22/2002 10:08:10
On Fri, Dec 20, 2002 at 10:18:41PM -0500, John Franklin wrote:
> On Fri, Dec 20, 2002 at 04:59:26PM -0800, Jeremy C. Reed wrote:
> > On Fri, 20 Dec 2002 email@example.com wrote:
> > > Add checks early on in the make process that a package has a security
> > > alert issued for it.
> > Are you talking about audit-packages?
> > Are you suggesting checking the vulnerabilities list at beginning of the
> > make? That does sound like an okay idea (if audit-packages is installed).
> Yes, and yes.
pkg_info(1) used to need an installed package name for it to do its
matching. Hence the check at install time for a vulnerable package.
I'm still not too chuffed about the interface that pkg_admin has.
More as it happens,