pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: installing vulnerable pkgs



For the record, the original thread starts at http://mail-index.netbsd.org/tech-pkg/2006/02/13/0005.html, and a workaround can be found at http://mail-index.netbsd.org/tech-pkg/2006/02/13/0014.html. Thanks, Roland and Lubomir!

--



----- Original Message ----- From: "Lubomir Sedlacik" <salo%Xtrmntr.org@localhost>
To: "ratio" <ratio%insight.rr.com@localhost>
Cc: <pkgsrc-users%netbsd.org@localhost>
Sent: Wednesday, July 26, 2006 10:16 AM
Subject: Re: installing vulnerable pkgs

On Tue, Jul 25, 2006 at 06:39:07PM -0400, ratio wrote:
Is there an easy way to allow the installation of just one package
(possibly allowing dependencies) without removing the checks for all
packages?

no.

Something finer-grained than ALLOW_VULNERABLE_PACKAGES but not as fine
as ALLOW_VULNERABILITIES.foo? I'm not as interested in what the
vulnerability is as whether or not I'm aware that one exists and that
I'm really sure I want to install it regardless.

Also, how does one get a version 1.0.1 formatted pkg-vulnerabilities
file?  I haven't even been able to get ALLOW_VULNERABILITIES.foo to
work since I don't have vulnerability IDs in my pkg-vulnerabilities
file--download-vulnerability-list(8) gets me a version 1.0.0 formatted
file. NetBSD-3.0, i386, pkgsrc updated to 2006Q2 via cvs a few days
ago.

the functionality was removed few months ago.  search the archives and
cvs logs for details.


regards,

--
-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --




Home | Main Index | Thread Index | Old Index