tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkg-vulnerabilities file now in pkgsrc



> On Sep 29, 2023, at 3:32 AM, Thomas Klausner <wiz%NetBSD.org@localhost> wrote:
> 
> Feel free to add CVE information to
> pkgsrc/doc/pkg-vulnerabilities. pkgsrc-security will monitor commits
> and upload new signed copies.

Just to be clear, the pkgsrc file will be the master version (except for signing)?  That is, the only pathway for new vulnerabilities into the signed version is through a commit to the pkgsrc file?  Is the process documented?

Cheers,
Brook




Home | Main Index | Thread Index | Old Index