[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Switch vulnerable packages to a warning only
On 2020-05-21 11:41, coypu%sdf.org@localhost wrote:
I think changing this is fine as long as there's always a way to make
builds error out by default, even if that's not default behavior. In
most environments, I'm fine with allowing vulnerable packages, but there
are two where I want the build to halt:
On Thu, May 21, 2020 at 12:39:09PM -0400, Greg Troxel wrote:
Attached diff to make ALLOW_VULNERABLE_PACKAGES=no.
It's somewhat unnecessary to have ALLW_VULNERABLE_PACKAGES?=yes (any
value except no, even empty, would do), but this is probably easier to
Thanks for taking my suggestion and this looks good to m.
Great. I'm going to let it sit for a few days so more people have an
opportunity to object, as I am changing the default behaviour.
1. My development trees, so I become aware of all vulnerabilities in
2. HPC clusters where I run services as root from a pkgsrc tree
Thanks for your work on this improvement.
Main Index |
Thread Index |