I think that would be good to have the same vuln-file also in HTTP. Because FTP is unaccessible behind some firewalls, and it's an important file to be catched by a server.

what do you think?

On Mon, 20 Jun 2005 14:03:55 +0200
Geert Hendrickx <geert.hendrickx@ua.ac.be> wrote:

> I have been wondering for a while why the pkg-vulnerabilities file has
> to been downloaded completely via FTP each time.  Since it's largely an
> append-only file, it could very well be synchronised via CVS, if the
> file was somewhere in the pkgsrc/ CVS repository.  
> 
> I have been messing with the download-vulnerability-list script (to be
> renamed to update-vulnerability-list), assuming the vulnerabilities file
> is in the root of $PKGSRCDIR.  It cvs updates the file if it's already
> there, and checks it out otherwise.  This way the file would also be
> updated on a regular pkgsrc update.  (see patch in attachment)
> 
> What do you think?  
> 
> GH
> 
> -- 
> :wq
>