Subject: Re: Proposed audit-packages changes
To: Todd Vierling <tv@duh.org>
From: Eric Haszlakiewicz <erh@NetBSD.org>
List: tech-pkg
Date: 11/22/2005 12:34:17
On Tue, Nov 22, 2005 at 12:41:44PM -0500, Todd Vierling wrote:
> Actually, with neither audit-packages nor a vulnerabilities file on disk,
> pkgsrc worked *just fine* (albeit with warnings).  Going back to this
> behavior by default is as much of a "weakening" of pkgsrc security as a
> reversion of recent irresponsible tax cuts is a tax "hike".
>
> The default should require neither of audit-packages nor
> pkg-vulnerabilities.  Have it yell and scream all you want like it did
> previously, but building must not fail by default if these are not present.

	That should still work, I think.  There's still a check to see
if the vulnerabilities file is present, and a warning if it isn't.
The default just controls whether you get the warning or not.

eric