tech-pkg archive
Switch vulnerable packages to a warning only
Hi,
Over time, more packages, and more essential packages, are considered
vulnerable. Unfortunately this makes users suffer unnecessarily for
fetching the package vulnerability database.
I assume most people who ran "pkg_admin fetch-pkg-vulnerabilities" have
immediately had to add ALLOW_VULNERABLE_PACKAGES=yes to mk.conf.
So, I am proposing a user-friendliness step of only warning about
vulnerable packages by default.
Thoughts?
Index: pkgformat/pkg/check.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/pkgformat/pkg/check.mk,v
retrieving revision 1.1
diff -u -r1.1 check.mk
--- pkgformat/pkg/check.mk 15 Oct 2011 00:23:09 -0000 1.1
+++ pkgformat/pkg/check.mk 21 May 2020 15:56:15 -0000
@@ -20,6 +20,5 @@
exit 0; \
fi; \
${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
- ${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME} \
- || ${FAIL_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or ${_AUDIT_CONFIG_OPTION} in ${_AUDIT_CONFIG_FILE}(5) if this package is absolutely essential."
+ ${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME} || ${TRUE}
.endif
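Review bot: the new `|| ${TRUE}` on the audit line discards every non-zero exit from the `${AUDIT_PACKAGES}` command, so a failure of the audit tool itself is treated the same as a vulnerability finding, and the build framework prints nothing of its own to mark the result as a warning. The removed `${FAIL_MSG}` text was also the only place in this hunk that told the user about ALLOW_VULNERABLE_PACKAGES and `${_AUDIT_CONFIG_OPTION}`. Consider keeping a framework-level warning message on the failure branch that names the package and those settings, and gating the warn-only behaviour behind a documented mk.conf variable so that sites which want the build to stop on a vulnerable package can still get that.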