Re: pkgsrc guide: Incorrect URL for security vulnerabilities file

To: "netbsd-docs%netbsd.org@localhost" <netbsd-docs%netbsd.org@localhost>, pkgsrc-users <pkgsrc-users%netbsd.org@localhost>
Subject: Re: pkgsrc guide: Incorrect URL for security vulnerabilities file
From: Ottavio Caruso <ottavio2006-usenet2012%yahoo.com@localhost>
Date: Sat, 9 May 2020 08:51:42 +0100

On Sat, 9 May 2020 at 08:46, Ottavio Caruso
<ottavio2006-usenet2012%yahoo.com@localhost> wrote:
>
> [Adding netbsd-docs@ to recipients]
>
> On Sat, 9 May 2020 at 05:57, Martin Husemann <martin%duskware.de@localhost> wrote:
> >
> > On Sat, May 09, 2020 at 01:00:18AM +0200, Jesus Cea wrote:
> > > According to
> > > <https://www.netbsd.org/docs/pkgsrc/faq.html#audit-packages>, the
> > > vulnerability file is available at
> > > <ftp://ftp.NetBSD.org/pkgsrc/distfiles/pkg-vulnerabilities>. That URL is
> > > wrong.
> >
> > Why do you think so?
> >
> > > The right one is
> > > <ftp://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities>.
> >
> > That one does not exist.
> >
> > Martin
>
> Valid point.
>
> However, on a standard pkgsrc bootstrap, the url is automatically adjusted to:
>
> $ sudo pkg_admin config-var PKGVULNURL
> http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz
>
> even without initialising pkg_install.conf.
>
> So: the guide is wrong but pkg_admin does fetch a valid vulnerability file.

Apologies: I have misquoted. The "valid point" was meant to be on
Jesus Cea's original post.



-- 
Ottavio Caruso

References:
- Re: pkgsrc guide: Incorrect URL for security vulnerabilities file
  - From: Ottavio Caruso

Prev by Date: Re: `fortune netbsd-tips` licence?
Next by Date: Re: pkgsrc guide: Incorrect URL for security vulnerabilities file
Previous by Thread: Re: pkgsrc guide: Incorrect URL for security vulnerabilities file
Indexes:

Home | Main Index | Thread Index | Old Index