pkgsrc-Users archive


Re: ANN: Availability of pkg(8)-capable pkgsrc



On 11/12/2016 18:13, John Nemeth wrote:
On Nov 12, 11:44pm, "Sevan / Venture37" wrote:
} On 12 November 2016 at 21:18, John Marino <netbsd%marino.st@localhost> wrote:
} > Do you understand that pkg(8) displays vulnerability information directly?
} > It's not a "duplicate", it's a summary.  There's a difference.  But that's
} > only the case for FreeBSD Ports.  For pkgsrc auditing you get none of that
} > because it's not available in vuxml.
} >
} > tldr; it adds a LOT of value.
} >
} > This isn't really subjective.
}
} What it boils down to is this change potentially means the
} pkgsrc-security@ team has to change how they perform their role and
} you're calling it when you're not going to be the one having to sift
} through the mess of advisories to fish out information before
} embarking on some XML.
}
} Do we not get a say in this?
}
} That's why I'm raising the point about "duplication", why am I copying
} the same information out from one place & adding it in to another if
} we're not adding anything? Why not direct the user to the original
} source and get out of the way?

     Or, better yet, if you say that you're making pkg(8) work with
pkgsrc, why not actually make it work with pkgsrc and teach it to
fetch and parse pkg-vulnerabilities instead of trying to shoehorn
pkgsrc into a foreign system?


Because forking pkg(8) and rewriting it to downgrade audits is not something I will entertain.

Why are people wrapped around an axle when all I did was transform a flat file to an XML file? It's the same data and nobody has to change anything. It's transparent.

