Subject: Re: improved pkg-vulnerabilities checking
To: Hubert Feyrer <feyrer@cs.stevens.edu>
From: Eric Haszlakiewicz <erh@jodi.nimenees.com>
List: tech-pkg
Date: 11/10/2005 04:08:59
On Wed, Nov 09, 2005 at 11:46:10PM +0100, Hubert Feyrer wrote:
> On Wed, 9 Nov 2005, Eric Haszlakiewicz wrote:
> > ALLOW_VULNERABLE_PACKAGES+=sun-jdk15-5.0.5
> > ALLOW_VULNERABLE_PACKAGES+=vulnid:1234
>
> How about making this consistent with PKG_OPTIONS.foo and do
>
> ALLOW_VULNERABLE_PACKAGES.sun-jdk15=yes
> ALLOW_VULNERABLE_PACKAGES.sun-jdk15=1234
>
> (Or whatever the exact syntax on PKG_OPTIONS for the pkg name is...)
That sounds a bit better. Of course, doing it that way means that
you can't have a multi-package wildcard, but that's probably a poor
idea anyway.
Although, when running audit-packages directly I could see how
that could still be useful so I'm going to allow package patterns to
be specfied with "pkgpat:...", like so:
audit-packages -i "pkgpat:sun-jdk15-5.0.5"
which would be usable in pkgsrc too, but it would only take effect for
the one package that the variable that was set applied to.
eric