Re: Switch vulnerable packages to a warning only

To: tech-pkg%netbsd.org@localhost
Subject: Re: Switch vulnerable packages to a warning only
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Thu, 21 May 2020 18:46:38 +0200

On Thu, May 21, 2020 at 04:34:19PM +0000, coypu%sdf.org@localhost wrote:
> It's somewhat unnecessary to have ALLW_VULNERABLE_PACKAGES?=yes (any
> value except no, even empty, would do), but this is probably easier to
> understand.

It makes a difference whether auditing is done at all or if the result
is ignored. Namely on whether the non-existance of the vulnerability
file is an error. So if anything, it should be a trinary option (yes,
no, warn).

Joerg

Follow-Ups:
- Re: Switch vulnerable packages to a warning only
  - From: maya
- Re: Switch vulnerable packages to a warning only
  - From: Jason Bacon

References:
- Switch vulnerable packages to a warning only
  - From: coypu
- Re: Switch vulnerable packages to a warning only
  - From: Greg Troxel
- Re: Switch vulnerable packages to a warning only
  - From: coypu

Prev by Date: Re: Providing an easy additional way of avoiding uploading non-redistributable packages
Next by Date: Re: Switch vulnerable packages to a warning only
Previous by Thread: Re: Switch vulnerable packages to a warning only
Next by Thread: Re: Switch vulnerable packages to a warning only
Indexes:

Home | Main Index | Thread Index | Old Index