audit-packages.conf vs. pkg_install.conf for IGNORE_URLS ?

To: pkgsrc devel <tech-pkg%netbsd.org@localhost>
Subject: audit-packages.conf vs. pkg_install.conf for IGNORE_URLS ?
From: Nicolas Joly <njoly%pasteur.fr@localhost>
Date: Sat, 4 Apr 2009 16:35:38 +0200

Hi,

I just noticed that vulnerability check message states that
IGNORE_URLS should be set in audit-packages.conf, but shouldn't it be
pkg_install.conf instead ?

njoly@petaure [emulators/qemu]> make
=> Bootstrap dependency digest>=20010302: found digest-20080510
===> Checking for vulnerabilities in qemu-0.9.1
Package qemu-0.9.1 has a information-disclosure vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928
Package qemu-0.9.1 has a security-bypass vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
Package qemu-0.9.1 has a denial-of-service vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2382
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in 
audit-packages.conf(5) if this package is absolutely essential.
*** Error code 1

-- 
Nicolas Joly

Biological Software and Databanks.
Institut Pasteur, Paris.

Follow-Ups:
- Re: audit-packages.conf vs. pkg_install.conf for IGNORE_URLS ?
  - From: Joerg Sonnenberger

Prev by Date: Re: Cyclic dependency, please fix
Next by Date: Re: Cyclic dependency, please fix
Previous by Thread: Re: pkgsrc-HEAD DragonFly 2.3/i386 2009-04-02 05:00
Next by Thread: Re: audit-packages.conf vs. pkg_install.conf for IGNORE_URLS ?
Indexes:

Home | Main Index | Thread Index | Old Index