tech-pkg: Re: improved pkg-vulnerabilities checking

Subject: Re: improved pkg-vulnerabilities checking
To: Roland Illig <rillig@NetBSD.org>
From: Eric Haszlakiewicz <erh@jodi.nimenees.com>
List: tech-pkg
Date: 11/14/2005 12:02:41

On Mon, Nov 14, 2005 at 12:25:44PM +0100, Roland Illig wrote:
> Please rename AUDIT_PACKAGES_OK to _AUDIT_PACKAGES_OK, as it is not 
> meant as user-visible. Same for AUDIT_PACKAGES_MIN_VERSION.
> 
> In bsd.pkg.mk:
> > _ALLOW_VULNERABILITIES=
> I prefer "_ALLOW_VULNERABILITIES=#none" for readability.
	ok, sounds fine to me.

> > +++ security/audit-packages/Makefile
> > @@ -20,6 +20,8 @@
> >  OWN_DIRS=	${PKGVULNDIR}
> >  INSTALLATION_DIRS=	man/cat8 man/man8 sbin
> >
> > +SKIP_AUDIT_PACKAGES=	#defined
> 
> Why not "yes" instead of "#defined"?
	uh, just 'cause? :-)  I suppose "yes" is a little more readable.

> > +++ security/audit-packages/files/audit-packages
> > +for ign in "$ignore_list" ; do
> 
> This will iterate exactly once. I think the quotes should be removed.

	d'oh!  thanks.

eric