Subject: Re: learning what package versions are available?
To: Jeremy C. Reed <reed@reedmedia.net>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-pkg
Date: 01/25/2006 13:58:22

In message <Pine.NEB.4.62.0601251047580.668@pilchuck.reedmedia.net>, "Jeremy C. Reed" writes:
>On Wed, 25 Jan 2006, Steven M. Bellovin wrote:
>
>> Like many others, I run audit-packages to learn what I need to update.
>> When I get hits, I do a 'cvs update' and try to build. Normally, that
>> takes at least several days, with the added load on the CVS servers.
>> It would be nice if there was a single file, updated daily, that had
>> the version string for each package. I could then write a script that
>> would pull down the version strings for every insecure package I have,
>> and check those strings against the vulnerabilities file.
>>
>> Is this feasible? I don't see any target that would produce the
>> version string that we need.
>
>Can you describe this more?
>
>Is this what you mean?
>
> pkg_info -Q PKGPATH -a | while read p ; do cd $p && bmake show-var \
> VARNAME=PKGNAME ; cd ${OLDPWD} ; done

No -- that works on what I have on my system. I want something that's
run on a NetBSD server, doing that for all possible packages. That
way, I can pull down one file and see if I should upgrade any of my
insecure packages. I'm trying to avoid everyone wanting to do
'cvs update' every day via cron.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
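
Added example, not part of the original message or of pkgsrc: a sketch of the script the thread describes, which checks whether the current version of each vulnerable installed package is past the vulnerable range. It assumes a hypothetical daily index with one current PKGNAME per line and vulnerability entries laid out as pattern, type, URL; all sample data is constructed, and version comparison is simplified to dotted numbers with an optional nbN revision.

```python
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}

def vkey(version):
    """Sort key for dotted numeric versions with an optional nbN revision."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:nb(\d+))?", version)
    if not m:
        raise ValueError("unsupported version: " + version)
    nums = [int(n) for n in m.group(1).split(".")]
    while nums and nums[-1] == 0:      # treat 1.2 and 1.2.0 as equal
        nums.pop()
    return (nums, int(m.group(2) or 0))

def is_vulnerable(pkgname, pattern):
    """True if pkgname (base-version) matches a pattern such as foo>=1.0<1.4."""
    base, version = pkgname.rsplit("-", 1)
    m = re.fullmatch(r"([^<>=]+)((?:(?:<=|>=|<|>)[^<>=]+)+)", pattern)
    if not m or m.group(1) != base:
        return False
    limits = re.findall(r"(<=|>=|<|>)([^<>=]+)", m.group(2))
    return all(OPS[op](vkey(version), vkey(limit)) for op, limit in limits)

def upgrade_report(installed, index_text, vuln_text):
    """For each vulnerable installed package: (installed, current, current_is_fixed)."""
    current = {p.rsplit("-", 1)[0]: p for p in index_text.split()}
    patterns = [l.split()[0] for l in vuln_text.splitlines()
                if l.strip() and not l.startswith("#")]
    out = []
    for pkg in installed:
        new = current.get(pkg.rsplit("-", 1)[0])
        if new and any(is_vulnerable(pkg, p) for p in patterns):
            # Upgrading helps only if the current version matches no pattern.
            out.append((pkg, new, not any(is_vulnerable(new, p) for p in patterns)))
    return out

# Constructed sample data (hypothetical package names and advisories).
INSTALLED = ["foo-1.2.1", "bar-2.3nb1", "baz-0.9"]
INDEX = "foo-1.2.3\nbar-2.4nb1\nbaz-0.9\n"
VULNS = """# pattern  type  URL
foo<1.2.3        remote-code-execution  https://example.invalid/a1
bar>=2.0<2.4nb2  denial-of-service      https://example.invalid/a2
"""

if __name__ == "__main__":
    for old, new, fixed in upgrade_report(INSTALLED, INDEX, VULNS):
        print(old, "->", new, "fixes it" if fixed else "still vulnerable")
```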