Re: ALLOW_VULNERABLE_PACKAGES

To: tech-pkg%NetBSD.org@localhost
Subject: Re: ALLOW_VULNERABLE_PACKAGES
From: Matthias Scheler <tron%zhadum.org.uk@localhost>
Date: Thu, 22 May 2008 15:28:22 +0100

On Thu, May 22, 2008 at 08:34:03AM -0500, Jeremy C. Reed wrote:
> > definining "ALLOW_VULNERABLE_PACKAGES" currently disables checking for
> > vulnerable packages completely.
> > 
> > I wonder whether it should just disable the error but not the message.
> 
> Yes, that seems fine. Maybe add CHECK_VULNERABLE_PACKAGES that defaults to 
> yes.

Yes, that's probably a good idea.

The reason I'm asking is a friend system where "ALLOW_VULNERABLE_PACKAGES"
is set to "YES" in "/etc/mk.conf" (eventually for historic reasons
related to PHP). I would really prefer if he gets at least a message
when he installs a vulnerable package.

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/

References:
- ALLOW_VULNERABLE_PACKAGES
  - From: Matthias Scheler
- Re: ALLOW_VULNERABLE_PACKAGES
  - From: Jeremy C. Reed

Prev by Date: Re: ALLOW_VULNERABLE_PACKAGES
Next by Date: Re: ALLOW_VULNERABLE_PACKAGES
Previous by Thread: Re: ALLOW_VULNERABLE_PACKAGES
Next by Thread: Re: ALLOW_VULNERABLE_PACKAGES
Indexes:

Home | Main Index | Thread Index | Old Index