Subject: Re: Proposed audit-packages changes
To: Todd Vierling <email@example.com>
From: Eric Haszlakiewicz <erh@NetBSD.org>
Date: 11/22/2005 12:34:17
On Tue, Nov 22, 2005 at 12:41:44PM -0500, Todd Vierling wrote:
> Actually, with neither audit-packages nor a vulnerabilities file on disk,
> pkgsrc worked *just fine* (albeit with warnings). Going back to this
> behavior by default is as much of a "weakening" of pkgsrc security as a
> reversion of recent irresponsible tax cuts is a tax "hike".
> The default should require neither of audit-packages nor
> pkg-vulnerabilities. Have it yell and scream all you want like it did
> previously, but building must not fail by default if these are not present.
That should still work, I think. There's still a check to see
if the vulnerabilities file is present, and a warning if it isn't.
The default just controls whether you get the warning or not.