On Tue, Dec 30, 2003 at 12:21:44AM +0100, Martin Weber wrote:
> On Mon, Dec 29, 2003 at 11:58:02AM -0500, Perry E. Metzger wrote:
> > 
> > Michal Pasternak <michal@pasternak.w.lub.pl> writes:
> > > Perry E. Metzger [Mon, Dec 29, 2003 at 11:20:41AM -0500]:
> > >> We really either need to remove that message, or add a job that
> > >> automatically tweaks the vulnerability list if it hasn't been touched
> > >> in a few days. Getting this message spuriously is a serious pain in
> > >> the neck -- we should not generate errors if all is well.
> > >
> > > And how do you know if it is really all well?
> > 
> > If you can download the file without any trouble, then you should not
> > be screaming. At worst, an alarm should be screaming for the pkgsrc
> > maintainers, not for each of the tens of thousands of users.
> 
> ...
> 
> 221-
>     Data traffic for this session was 40312 bytes in 1 file.
> 		Total traffic for this session was 44634 bytes in 1 transfer.
> 		221 Thank you for using the FTP service on ftp.NetBSD.org.
> 		No change from existing package vulnerabilities file
> 
> ...
> 
> This implies a successful attempt of the system administrator (or
> cron) to fetch the vulnerabilities file. If you patch 
> download-vulnerability-list like this ...

...you'd lose useful information.

I've changed audit-packages to only output the "over 7 days" message if
-v is specified on the command line.

Regards,
Alistair
--
Alistair Crooks <agc@pkgsrc.org>