Subject: Re: HEADS UP: change regarding vulnerable packages
To: Hubert Feyrer <email@example.com>
From: Thomas Klausner <wiz@NetBSD.org>
Date: 05/07/2005 01:16:05
On Sat, May 07, 2005 at 12:18:39AM +0200, Hubert Feyrer wrote:
> I guess a policy about vulnerable packages should be documented near the
> policy about packages in general. I guess the closest thing to such a
> document would be somewhere in section 5 "Creating binary packages" of the
> pkgsrc guide. Maybe add a new section 5.3.9 "Handling vulnerable
It doesn't seem the right place -- there is no documentation
in this direction there so far.
It is even missing documentation on not uploaded restricted
packages (or did I overlook it?). Could you please add that?
We really shouldn't be doing that...
> (It may be worth investigating to move "5.3 Doing a bulk build of all
> packages" into the pkgsrc Developers' guide, e.g. as 11.4.)
Yes, and it should really recommend the sandbox method (i.e.
mention it first and only mention non-sandboxed builds as
alternate method if sandboxed ones are not possible for
a reason. pkg_comp could also be mentioned.)
> The pkgsrc or NetBSD guide? :) They may both need checking.
The pkgsrc guide. I'll take a look at the NetBSD guide later.
> Also, there are more places that mention the additional place:
> * src/distrib/notes/common/postinstall
I looked at it. I don't want to complicate the instructions
there any more, they are, after all, only intended to be basic.
> * src/usr.sbin/pkg_install/add/pkg_add.1 and any other places like
> pkgsrc/bootstrap/... this manpage resides
pkgsrc/pkgtools/pkg_install, I updated both.