From owner-freebsd-doc@FreeBSD.ORG Sun Dec 7 13:11:40 2014 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1E77ABB1 for ; Sun, 7 Dec 2014 13:11:40 +0000 (UTC) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id EA727F64 for ; Sun, 7 Dec 2014 13:11:39 +0000 (UTC) Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41]) by be-well.ilk.org (Postfix) with ESMTP id BE14E33C1D; Sun, 7 Dec 2014 08:11:27 -0500 (EST) Received: by lowell-desk.lan (Postfix, from userid 1147) id 1E40539828; Sun, 7 Dec 2014 08:11:25 -0500 (EST) From: Lowell Gilbert To: Jacob Helwig Subject: Re: Issue with Handbook section 5.2 References: Date: Sun, 07 Dec 2014 08:11:25 -0500 In-Reply-To: (Jacob Helwig's message of "Sat, 6 Dec 2014 18:58:13 -0800") Message-ID: <44388rwqo2.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Cc: freebsd-doc@freebsd.org X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Dec 2014 13:11:40 -0000 Jacob Helwig writes: > In going through the FreeBSD Handbook (as of Sun Dec 7 02:44:11 UTC > 2014), section 5.2 (Overview of Software Installation) mentions using > ports-mgmt/portaudit to check for security issues. Unfortunately, > portaudit was removed from ports on October 13th[0]. > > The commit that removed it says that =93pkg audit=94 should be used > instead ("portaudit expired when pkg_tools did, use pkg audit=94), but > as someone pretty new to FreeBSD, it=92s not clear that this would be > appropriate for ports usage. Is =93pkg audit=94 appropriate? The > language in the warning section of this Handbook section suggests that > =93pkg audit=94 isn=92t appropriate outside of package use. If =93pkg au= dit=94 > isn=92t appropriate, what should be used instead? "pkg audit" is appropriate in all cases (for versions of FreeBSD still supported), and the warning should be changed to so indicate. [I can't produce a patch for a PR at the moment, but the changes needed are minor (but not QUITE trivial).] Your confusion comes from the fact that once installed, there is no difference between ports and packages, and pkg(8) is the tool for handling them. This is true regardless of whether you used pkg to install them in the first place.