Subject: Re: ALLOW_VULNERABLE_PACKAGES should be precise
To: None <firstname.lastname@example.org>
From: Gavan Fantom <email@example.com>
Date: 08/26/2005 11:27:53
Geert Hendrickx wrote:
> I think this is a good idea. About the version: it should allow >= that
> version then. Say there are two vulns in a package, and an update fixes
> one of them, then pkgsrc won't allow upgrading to it as it is still
> vulnerable AND doesn't match the version specified in the ALLOW_VULNERABLE_
> PACKAGES variable.
I would very much like to see the ability to set just the package name,
without having to specify versions.
Even if that means saying "apache-*".
>>(I wonder if anyone sets ALLOW_VULNERABLE_PACKAGES in their mk.conf...)
> I do on some (non-production) systems. I only wish pkgsrc would still
> print out a big fat warning when installing a vulnerable package, because
> with ALLOW_VULNERABLE_PACKAGES set permanently, you don't even notice...
I would set it in mk.conf for specific packages, but I wouldn't want to
set it for all packages.
Gillette - the best a man can forget