syspkg equivalent of pkgsrc audit?

To: netbsd-users%netbsd.org@localhost
Subject: syspkg equivalent of pkgsrc audit?
From: Malcolm Herbert <mjch%mjch.net@localhost>
Date: Tue, 22 Dec 2015 16:43:53 +1100

Folks - I'm coming to the conclusion that for host which I'm using the system version of various tools[1] I have bad visibility for when these versions of the package become insecure and require an update.

Given that we don't have system packages to list in some manner similar to pkgsrc packages, what is the best method for comparing these against the content of the vulnerabilities file?

I tend to use the released versions of the OS from the relevant .iso - as part of the build process would it make sense to produce a file somewhere in /etc which lists the various bundled package versions grouped by install set?

Alternatively, has anyone got a guide for how to disable/replace as much of the system-supplied packages with their pkgsrc equivalent and get around the visibility problem that way?  This may be preferable as then we can update individual packages as required.

Regards,
Maloclm

[1] sshd, named/bind, postfix in the main

-- 
Malcolm Herbert
mjch%mjch.net@localhost

Follow-Ups:
- Re: syspkg equivalent of pkgsrc audit?
  - From: Thor Lancelot Simon

Prev by Date: Re: NPF on raspberry pi 2
Next by Date: Re: syspkg equivalent of pkgsrc audit?
Previous by Thread: NPF on raspberry pi 2
Next by Thread: Re: syspkg equivalent of pkgsrc audit?
Indexes:

Home | Main Index | Thread Index | Old Index