Subject: Re: pkg-vulnverabilities location
To: None <>
From: Jeremy C. Reed <>
List: tech-pkg
Date: 02/05/2005 22:20:22
On Sat, 5 Feb 2005, Kimmo Suominen wrote:

> Eric Haszlakiewicz <> writes:
> | 	I've been getting a bit annoyed that I need to keep creating a
> | /usr/pkgsrc/distfiles directory on machine without pkgsrc just to provide
> | a location for download-vulnerability-list to put it's list.  I know
> | I can change that by setting PKGVULNDIR, but it seems like a poor default.

I agree it could have a better setting for binary packages.

> I like ${DISTDIR} as the default.  I also set ${DISTDIR} in /etc/mk.conf
> to a value that is reachable on all machines via amd mounts.  In my case,
> this is what I use:
>     DISTDIR=/pub/distfiles
> As an additional benefit I only need to run down-vulnerability-list on
> one machine (I chose the one that has the physical disk).

I also share a distfiles directory for a few machines, but the original
poster said "on machine without pkgsrc" and I also have some machines with
out any pkgsrc builds.

> | 	How about if we change that to /var/db or /var/tmp?
> | (or even ${PREFIX}/var/db, if there's an easy way for a script to know
> |  where it happens to get installed into)
> I like all of these much less as a default.  Both /var/db and /var/tmp
> are local to each machine, and ${PREFIX}/var sounds like a really bad
> idea altogether in environments where ${PREFIX} is a shared disk, or is
> maintained by synchronizing its contents.

/var/tmp/ is especially unsafe since we don't have checks for safe temp

I think under VARBASE is a good idea. amavisd-new, cyrus-sasl2, dirmngr,
heimdal, libnasl, mit-krb5, nessus-*, pks, and others use VARBASE.
Although many of those are wrong in my opinion because they use top level
of VARBASE instead of working in some VARBASE/db or VARBASE/cache or

Maybe ${VARBASE}/db/pkg-vulnerabilities would be best?

 Jeremy C. Reed

 	  	 	 technical support & remote administration