Re: ANN: Availability of pkg(8)-capable pkgsrc

["Sevan / Venture37" <venture37%gmail.com@localhost>]

Hi John,

Well done for the work you've done on bringing pkg to pkgsrc, I very
much look forward to being able to use tools like synth to turn bulk
builds around at a faster rate, thanks to being able to parallelise
builds out of the box.

On 12 November 2016 at 18:06, John Marino <netbsd%marino.st@localhost> wrote:
> VULNERABILITY AUDITS:
> Yes, these are supported.  This was a major task for me to convert the
> limited (and mistake prone) NetBSD vulnerability database to FreeBSD's VuXML
> format that pkg(8) uses.  I've hosted the xml on a DragonFly server also
> transformed the xml to web pages [7][8].  These are also updated every 6
> hours as needed.
>
> AUDIT NOTE: I just noticed that fetching the security file on NetBSD results
> in a segfault/core dump.  That probably means fetching on NetBSD is broken
> everywhere (e.g. remote repositories).  Any help to diagnose that issue on
> NetBSD would be appreciated as the cause isn't obvious to me after first
> glance at gdb and fetching code.

Certainly speaking for myself here but there is no way I'm looking to
hand edit XML after sifting through advisories to fish out relevant
information. If the result of a simple three column file ends up into
a XML monstrosity through some automated means, I wouldn't have any
issue, but there's no way I'm adding VuXML entries directly. Perhaps a
better project would be to work on publishing the conversion tool to
save humanity and prevent any further hand editing on VuXML.

The website generation feature is a convenient feature of the system
at the cost of duplication of content, manually performed by the
person adding entries. Time is precious!


Sevan