Re: ANN: Availability of pkg(8)-capable pkgsrc

["Sevan / Venture37" <venture37%gmail.com@localhost>]

On 13 November 2016 at 00:18, John Marino <netbsd%marino.st@localhost> wrote:
>> What it boils down to is this change potentially means the
>> pkgsrc-security@ team has to change how they perform their role and
>> you're calling it when you're not going to be the one having to sift
>> through the mess of advisories to fish out information before
>> embarking on some XML.
>
>
> How have you come to this conclusion?
> Did I state that pkgsrc-security team has to do anything different?
> A cron script downloads the pkgsrc vulnerability database and converts it to
> an xml format every 6 hours.  Nobody has to do anything.  Why is this a
> problem?

That's not a problem for me. I apologies.

> The only thing I could ask the security team is to keep using ranges and not
> regex.

Do you have an example entry of what you mean?

>> Do we not get a say in this?
>>
>> That's why I'm raising the point about "duplication", why am I copying
>> the same information out from one place & adding it in to another If
>> we're not adding anything? why not direct the user to the original
>> source and get out of the way.
>
>
> This is incorrect.  The original vulnerability database is not downloaded
> anymore.  That functionality part of the "pkg" format.
>
> I am not sure how to say this any other way: *You* are not "copying the same
> information".  *You* are not adding it anywhere.

Ok

Sevan