Re: Switch vulnerable packages to a warning only

To: tech-pkg%netbsd.org@localhost
Subject: Re: Switch vulnerable packages to a warning only
From: Jason Bacon <outpaddling%yahoo.com@localhost>
Date: Fri, 22 May 2020 07:36:53 -0500

On 2020-05-21 11:46, Joerg Sonnenberger wrote:

On Thu, May 21, 2020 at 04:34:19PM +0000, coypu%sdf.org@localhost wrote:

It's somewhat unnecessary to have ALLW_VULNERABLE_PACKAGES?=yes (any
value except no, even empty, would do), but this is probably easier to
understand.

It makes a difference whether auditing is done at all or if the result
is ignored. Namely on whether the non-existance of the vulnerability
file is an error. So if anything, it should be a trinary option (yes,
no, warn).

Joerg

+1

References:
- Switch vulnerable packages to a warning only
  - From: coypu
- Re: Switch vulnerable packages to a warning only
  - From: Greg Troxel
- Re: Switch vulnerable packages to a warning only
  - From: coypu
- Re: Switch vulnerable packages to a warning only
  - From: Joerg Sonnenberger

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: Switch vulnerable packages to a warning only
Previous by Thread: Re: Switch vulnerable packages to a warning only
Next by Thread: Re: Switch vulnerable packages to a warning only
Indexes:

Home | Main Index | Thread Index | Old Index