pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ANN: Availability of pkg(8)-capable pkgsrc

On 13 November 2016 at 00:18, John Marino <> wrote:
>> What it boils down to is this change potentially means the
>> pkgsrc-security@ team has to change how they perform their role and
>> you're calling it when you're not going to be the one having to sift
>> through the mess of advisories to fish out information before
>> embarking on some XML.
> How have you come to this conclusion?
> Did I state that pkgsrc-security team has to do anything different?
> A cron script downloads the pkgsrc vulnerability database and converts it to
> an xml format every 6 hours.  Nobody has to do anything.  Why is this a
> problem?

That's not a problem for me. I apologies.

> The only thing I could ask the security team is to keep using ranges and not
> regex.

Do you have an example entry of what you mean?

>> Do we not get a say in this?
>> That's why I'm raising the point about "duplication", why am I copying
>> the same information out from one place & adding it in to another If
>> we're not adding anything? why not direct the user to the original
>> source and get out of the way.
> This is incorrect.  The original vulnerability database is not downloaded
> anymore.  That functionality part of the "pkg" format.
> I am not sure how to say this any other way: *You* are not "copying the same
> information".  *You* are not adding it anywhere.



Home | Main Index | Thread Index | Old Index