Subject: Re: improved pkg-vulnerabilities checking
To: Eric Haszlakiewicz <erh@jodi.nimenees.com>
From: Roland Illig <rillig@NetBSD.org>
List: tech-pkg
Date: 11/14/2005 12:25:44
Eric Haszlakiewicz wrote:
> On Wed, Nov 09, 2005 at 11:46:10PM +0100, Hubert Feyrer wrote:
>
>>On Wed, 9 Nov 2005, Eric Haszlakiewicz wrote:
>>
>>> ALLOW_VULNERABLE_PACKAGES+=sun-jdk15-5.0.5
>>> ALLOW_VULNERABLE_PACKAGES+=vulnid:1234
>>
>>How about making this consistent with PKG_OPTIONS.foo and do
>>
>> ALLOW_VULNERABLE_PACKAGES.sun-jdk15=yes
>> ALLOW_VULNERABLE_PACKAGES.sun-jdk15=1234
>>
>>(Or whatever the exact syntax on PKG_OPTIONS for the pkg name is...)
>
>
> ok, I did this, but renamed the variable to match better with how it
> is used:
>
> ALLOW_VULNERABILITIES.sun-jdk15=yes # Skips audit-packages entirely
> ALLOW_VULNERABILITIES.sun-jdk15+=1234 # Ignores vulnerability 1234
> SKIP_AUDIT_PACKAGES= #defined
> # Skips audit-packages for ALL packages.
>
> Patch is at http://poe.swapsimple.com/pkgsrc_audit
Please rename AUDIT_PACKAGES_OK to _AUDIT_PACKAGES_OK, as it is not
meant to be user-visible. Same for AUDIT_PACKAGES_MIN_VERSION.
In bsd.pkg.mk:
> _ALLOW_VULNERABILITIES=
I prefer "_ALLOW_VULNERABILITIES=#none" for readability.
> +++ security/audit-packages/Makefile
> @@ -20,6 +20,8 @@
> OWN_DIRS= ${PKGVULNDIR}
> INSTALLATION_DIRS= man/cat8 man/man8 sbin
>
> +SKIP_AUDIT_PACKAGES= #defined
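Review bot: `SKIP_AUDIT_PACKAGES= #defined` assigns the empty string (everything after `#` is a comment), so any consumer of this variable has to test it with `defined(SKIP_AUDIT_PACKAGES)`; a `!empty(SKIP_AUDIT_PACKAGES)` check or a value comparison would never fire. Either give it an explicit value such as `yes`, or state on the line that an empty definition is the intended switch. The `@@ -20,6 +20,8 @@` header also announces two added lines, but only one `+` line is quoted here, so the second addition cannot be reviewed from this excerpt.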
Why not "yes" instead of "#defined"?
> +++ security/audit-packages/files/audit-packages
> +for ign in "$ignore_list" ; do
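Review bot: `for ign in "$ignore_list"` runs the loop body exactly once with the whole list as a single word, so a comparison against an individual id can only succeed when the list contains one entry. Drop the quotes (`for ign in $ignore_list ; do`) so the shell splits the list on whitespace; since the unquoted expansion is then also subject to pathname expansion, either keep the ids free of glob characters or wrap the loop in `set -f` / `set +f`.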
This will iterate exactly once. I think the quotes should be removed.
Roland
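The quoting bug discussed above, as an added example that is not part of the posted patch: the loop as quoted beside the corrected form, run against a constructed ignore list. The helper names vulnid_ignored and vulnid_ignored_quoted are assumptions, not names from audit-packages.

```sh
#!/bin/sh
# Added example; not code from the audit-packages patch. Both helpers take a
# whitespace-separated ignore list (what repeated ALLOW_VULNERABILITIES.<pkg>+=
# lines would accumulate) and one vulnerability id, and return 0 if the id is
# on the list.

# Corrected form: the unquoted expansion is split on $IFS, giving one
# iteration per id. 'set -f' runs in a subshell so that the unquoted list is
# not subject to pathname expansion and the setting does not leak to the caller.
vulnid_ignored() {
    (
        set -f
        for ign in $1; do
            [ "$ign" = "$2" ] && exit 0     # id is on the ignore list
        done
        exit 1                              # id must still be reported
    )
}

# Form as posted: the quoted expansion is a single word, so the body runs once
# and the comparison can only match when the list holds exactly one id.
vulnid_ignored_quoted() {
    for ign in "$1"; do
        [ "$ign" = "$2" ] && return 0
    done
    return 1
}

# Constructed sample: two ignored ids, looking up the second one.
if vulnid_ignored "1234 5678" 5678; then
    echo "unquoted loop: 5678 ignored (correct)"
fi
if vulnid_ignored_quoted "1234 5678" 5678; then
    echo "quoted loop: 5678 ignored"
else
    echo "quoted loop: 5678 NOT ignored (body ran once with '1234 5678')"
fi
```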