tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Switch vulnerable packages to a warning only

On Thu, May 21, 2020 at 04:34:19PM +0000, wrote:
> It's somewhat unnecessary to have ALLW_VULNERABLE_PACKAGES?=yes (any
> value except no, even empty, would do), but this is probably easier to
> understand.

It makes a difference whether auditing is done at all or if the result
is ignored. Namely on whether the non-existance of the vulnerability
file is an error. So if anything, it should be a trinary option (yes,
no, warn).


Home | Main Index | Thread Index | Old Index