From owner-freebsd-doc@FreeBSD.ORG  Sun Dec  7 13:11:40 2014
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1E77ABB1
 for <freebsd-doc@freebsd.org>; Sun,  7 Dec 2014 13:11:40 +0000 (UTC)
Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173])
 by mx1.freebsd.org (Postfix) with ESMTP id EA727F64
 for <freebsd-doc@freebsd.org>; Sun,  7 Dec 2014 13:11:39 +0000 (UTC)
Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41])
 by be-well.ilk.org (Postfix) with ESMTP id BE14E33C1D;
 Sun,  7 Dec 2014 08:11:27 -0500 (EST)
Received: by lowell-desk.lan (Postfix, from userid 1147)
 id 1E40539828; Sun,  7 Dec 2014 08:11:25 -0500 (EST)
From: Lowell Gilbert <freebsd-lists@be-well.ilk.org>
To: Jacob Helwig <jacob@technosorcery.net>
Subject: Re: Issue with Handbook section 5.2
References: <B06E0DF0-73F5-4B6B-A7B3-EFCCC9AD875A@technosorcery.net>
Date: Sun, 07 Dec 2014 08:11:25 -0500
In-Reply-To: <B06E0DF0-73F5-4B6B-A7B3-EFCCC9AD875A@technosorcery.net> (Jacob
 Helwig's message of "Sat, 6 Dec 2014 18:58:13 -0800")
Message-ID: <44388rwqo2.fsf@lowell-desk.lan>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-doc@freebsd.org
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-doc>,
 <mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc/>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
 <mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Dec 2014 13:11:40 -0000

Jacob Helwig <jacob@technosorcery.net> writes:

> In going through the FreeBSD Handbook (as of Sun Dec 7 02:44:11 UTC
> 2014), section 5.2 (Overview of Software Installation) mentions using
> ports-mgmt/portaudit to check for security issues.  Unfortunately,
> portaudit was removed from ports on October 13th[0].
>
> The commit that removed it says that =93pkg audit=94 should be used
> instead ("portaudit expired when pkg_tools did, use pkg audit=94), but
> as someone pretty new to FreeBSD, it=92s not clear that this would be
> appropriate for ports usage.  Is =93pkg audit=94 appropriate?  The
> language in the warning section of this Handbook section suggests that
> =93pkg audit=94 isn=92t appropriate outside of package use.  If =93pkg au=
dit=94
> isn=92t appropriate, what should be used instead?

"pkg audit" is appropriate in all cases (for versions of FreeBSD still
supported), and the warning should be changed to so indicate. [I can't
produce a patch for a PR at the moment, but the changes needed are
minor (but not QUITE trivial).]

Your confusion comes from the fact that once installed, there is no
difference between ports and packages, and pkg(8) is the tool for
handling them. This is true regardless of whether you used pkg to
install them in the first place.