Date: Wed, 17 Nov 2004 15:32:44 -0500 (EST)
From: "Dan Mahoney, System Admin"
To: questions@freebsd.org
Message-ID: <20041117150247.Q16295@prime.gushi.org>
Subject: ports vulnerabilities

I had heard a bit about the new "vulnerability check" in FreeBSD's ports. I tried reading /usr/ports/updating and saw something like:

  Description:
  A new vulnerabilities database has been added to the ports system in
  order to keep more accurate, up-to-date, track of security
  vulnerabilities. The ports system now knows how to query that database
  and dynamically prevents the installation of vulnerable ports.

I had to do some more digging around on various googles to find out that in order to USE this ability, I had to install the portaudit port.
This seems like a useful feature, but I'm curious: Why isn't this in the base system?

I tried to install a port which had a conflict (ImageMagick) but I didn't feel the vulnerability was significant enough to warrant waiting for a new port to be created. I looked in the ports man page for an override environment variable, but "vulnerability check" isn't even mentioned there.

Could this please get stuck into the manpages?

-Dan Mahoney

--

Christ almighty... my EYES! They're melting!

-Zaren, Efnet #macintosh, in response to:
www.geocities.com/CollegePark/Classroom/1944
The WEBSITE DESIGN class that gave my fiancee a D.

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------