Subject: Re: vulnerabilities report..
To: None <agc@pkgsrc.org>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-pkg
Date: 11/22/2000 07:21:00
On Tue, 21 Nov 2000, Alistair Crooks wrote:
> The show-vulnerabilities target is not meant to be run directly, although
> you can still do it if you want. You are meant to run the audit-packages
> script. The show-vulnerabilities target is run automatically at the end of
> the fake-pkg target to check that the package you have just installed has
> any known exploits. You could add some text to Packages.txt if you want, but
> I'd prefer it if you didn't, since that would only encourage people to use
> what's meant to be an internal target.
Hum, shouldn't it be the person who implemented something that documents
it? I start to get a little bit fed up to run after people documenting
their stuff. Esp. when I wake up at 7am...
Obviously what that person should do is:
1. Hint at the "auddit-packages" package and it's scripts in the output
of the show-vulnerabilities target.
2. Add some text to section #9 of Packages.txt (or add a section #4 in
the "User's Guide" part that contains FAQs, just as in the "Package
Constructor's Guide").
- Hubert
--
Hubert Feyrer <hubert@feyrer.de>