tech-pkg: Re: improved pkg-vulnerabilities checking

Subject: Re: improved pkg-vulnerabilities checking
To: Hubert Feyrer <feyrer@cs.stevens.edu>
From: Eric Haszlakiewicz <erh@jodi.nimenees.com>
List: tech-pkg
Date: 11/13/2005 20:02:37

On Wed, Nov 09, 2005 at 11:46:10PM +0100, Hubert Feyrer wrote:
> On Wed, 9 Nov 2005, Eric Haszlakiewicz wrote:
> >	ALLOW_VULNERABLE_PACKAGES+=sun-jdk15-5.0.5
> >	ALLOW_VULNERABLE_PACKAGES+=vulnid:1234
> 
> How about making this consistent with PKG_OPTIONS.foo and do
> 
> 	ALLOW_VULNERABLE_PACKAGES.sun-jdk15=yes
> 	ALLOW_VULNERABLE_PACKAGES.sun-jdk15=1234
> 
> (Or whatever the exact syntax on PKG_OPTIONS for the pkg name is...)

	ok, I did this, but renamed the variable to match better with how it
is used:

	ALLOW_VULNERABILITIES.sun-jdk15=yes     # Skips audit-packages entirely
	ALLOW_VULNERABILITIES.sun-jdk15+=1234   # Ignores vulnerability 1234
	SKIP_AUDIT_PACKAGES=   #defined
	                       # Skips audit-packages for ALL packages.

Patch is at http://poe.swapsimple.com/pkgsrc_audit
I'm going to commit this in the next day or so.

eric