On Tue, 22 Nov 2005, Johnny C. Lam wrote:

> This last change is possibly controversial new behavior because it
> matches neither the old nor the current behavior:
>
> * "CHECK_VULNERABILITIES" defaults to "yes" only if the audit-packages
>   script can be found; otherwise, it defaults to "no".  The purpose
>   of this change is to not force audit-packages to be installed.
>
> The old behavior was that vulnerability checks were performed regardless
> of whether audit-packages was installed or not.  This was due to the
> standalone implementation of the auditing code in the old
> "check-vulnerable" target.  The current behavior is that audit-packages
> must be installed for pkgsrc to work, which again forces the vulnerability
> checks to be performed.  The proposed behavior is that we only perform
> the checks if we can actually do so.  This can be considered a weakening
> of the security of pkgsrc, so we may not want to do this.

audit-packages is an unreasonable forced dependency, so whatever behavior
you choose, the default must not require its presence.  This is not a
"weakening", because this was already the prior behavior of pkgsrc.

-- 
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>