Subject: Re: Speeding up the vulnerabilities check
To: None <tech-pkg@NetBSD.org>
From: Roland Illig <firstname.lastname@example.org>
Date: 02/27/2005 17:07:34
Alistair Crooks wrote:
> I took smb's suggestion, and added a check in for a metacharacter in the
> "skip" case, which makes things a lot faster for me, and restores the
> previous behaviour of only running a pkg_admin check if the PKGBASE is
> the vulnerable pattern, or if there's a metacharacter in the pattern.
> Further testing is needed - hence this mail.
I like your patch, too, especially because it is so much shorter than
mine. But it is also a bit slower, because it still calls pkg_admin 57
times instead of only one time:
$ cd /usr/pkgsrc/pkgtools/pkglint
$ make check-vulnerable PKG_ADMIN=true | grep WARNING | wc -l
Your patch restricts us a bit on the valid PKGBASE names to not use any
regexp metacharacters. We already have packages that contain regexp
$ cd /usr/pkgsrc
$ ls -d */*/ | grep -Eiv '^[-a-z0-9]+/[-_a-z0-9]+/$'
Also we must agree that every pattern in pkg-vulnerabilities contains
the complete PKGBASE as a substring, which is not required by now. So if
you commit your patch, please update the documentation in the