NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RE: install/46646: sysinst should configure fetch-pkg-vulnerabilities automatically if you choose to install pkgsrc



A response I posted a little earlier today was mangled because I didn't send as 
a plain-text.  My high level points:

 

 - I agree that a sysinst menu option to enable vulnerability checking is a 
good compromise.  This could be right under the new option that installs pkgsrc.

 

 - The benefit of the feature (to me) is that it tells you a package is 
vulnerable right when you try to build it.

 

 - If this feature is implemented, it should set everything up so that the 
vulnerability database is ready the first time you try to build a package.  
(Not just after 24 hours via a cron job.)

 

David Ross
dross%pobox.com@localhost

 

 

----------------------------------------
> From: gnrp%komkon2.de@localhost
> To: install-manager%netbsd.org@localhost; gnats-admin%netbsd.org@localhost; 
> netbsd-bugs%netbsd.org@localhost; dross%pobox.com@localhost
> Subject: Re: install/46646: sysinst should configure 
> fetch-pkg-vulnerabilities automatically if you choose to install pkgsrc
> CC:
> Date: Wed, 4 Jul 2012 20:35:06 +0000
>
> The following reply was made to PR install/46646; it has been noted by GNATS.
>
> From: Julian Djamil Fagir <gnrp%komkon2.de@localhost>
> To: matthew green <mrg%eterna.com.au@localhost>, 
> gnats-bugs%NetBSD.org@localhost
> Cc:
> Subject: Re: install/46646: sysinst should configure
> fetch-pkg-vulnerabilities automatically if you choose to install pkgsrc
> Date: Wed, 4 Jul 2012 22:30:16 +0200
>
> --Sig_/ryrrMvlJE/04O3v0RnM0w5i
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: quoted-printable
>
> Hi,
>
> > > For fetch-pkg-vulnerabilities to be useful in most scenarios the MTA
> > > must be set up, thus network being set up, etc, a long ist of
> > > dependencies. I would consider this fine-tuning rather than setup. And I
> > > think sysinst should stay minimal, with only a selected set of actions =
> to
> > > be performed which are really needed for initial setup.
> >=20
> > this is false.
> >=20
> > it's useful for having pkgsrc tell you that the package you're
> > installing is vulnerable, which is extremely useful and good.
> >=20
> > additionally, having it setup means the admin can manually run
> > the check. again, quite useful and good.
> ok, I mixed this up after reading the comment about daily.conf.
>
> > Regarding fetch_pkg_vulnerabilities=3DYES in daily.conf
> > I'm wondering if this will run immediately on the first boot. Otherwise
> > the user will likely just start building from pkgsrc right away without t=
> he
> > benefit of the vulnerability check. Looks like there was a previous
> > discussion of this:
> > http://mail-index.netbsd.org/tech-userlevel/2010/01/oindex.html
> > See "fetch_pkg_=3Dvulnerabilities enabled by default (was: CVS commit:
> > src/etc)"
> Yep, this should be different.
>
> I'm still not sure about this. Having something in sysinst (and especially
> doing it by default) makes it the new default for everyone using sysinst for
> installing pkgsrc.
>
> I agree with you it's useful, but where does usefulness stop?
> You might argue that mdnsd is not needed for setting up a new system (tbh,
> I've never even looked at it), but it's exactly that kind of discussion.
> Especially having something periodic set up automatically is more critical.
>
> I'm not opposed to adding this feature to sysinst, but I would like to have=
> a
> discussion about what sysinst should be able to do and what kind of system =
> it
> finally sets up before adding more only useful features.
> If you tell me this is the official line and it should be done - ok, it's n=
> ot
> much work to implement that.
>
> Regards, Julian
>
> --Sig_/ryrrMvlJE/04O3v0RnM0w5i
> Content-Type: application/pgp-signature; name=signature.asc
> Content-Disposition: attachment; filename=signature.asc
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (NetBSD)
>
> iEYEARECAAYFAk/0p9wACgkQc7h7cu1Hpp4L7QCeK3X8TYh7ltQDZWVWM7UWpLOE
> lmIAn0v7S8lIAAsK3cmW2vKXmM55ck8h
> =NNUI
> -----END PGP SIGNATURE-----
>
> --Sig_/ryrrMvlJE/04O3v0RnM0w5i--
>                                         


Home | Main Index | Thread Index | Old Index