From nobody Fri Nov 19 08:47:44 2021 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2C261182C52D for ; Fri, 19 Nov 2021 08:47:47 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HwVfq0vfGz3Cql; Fri, 19 Nov 2021 08:47:47 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from aniel.nours.eu (nours.eu [IPv6:2001:41d0:8:3a4d::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: bapt) by smtp.freebsd.org (Postfix) with ESMTPSA id DB84D181B; Fri, 19 Nov 2021 08:47:46 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: by aniel.nours.eu (Postfix, from userid 1001) id 388AC11539F; Fri, 19 Nov 2021 09:47:44 +0100 (CET) Date: Fri, 19 Nov 2021 09:47:44 +0100 From: Baptiste Daroussin To: Andriy Gapon Cc: FreeBSD Ports Subject: Re: pkg audit: security problems only Message-ID: <20211119084744.irhskceo7c5p5iah@aniel.nours.eu> References: <34ea8551-b2a0-2b72-6217-56e6c0228ed4@FreeBSD.org> List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <34ea8551-b2a0-2b72-6217-56e6c0228ed4@FreeBSD.org> X-ThisMailContainsUnwantedMimeParts: N On Fri, Nov 19, 2021 at 10:31:37AM +0200, Andriy Gapon wrote: > > Is there an option to limit pkg audit to report security problems only? > > Right now the corresponding periodic script reports a lot of (what I > consider to be) noise every night. It's about deprecated packages, mostly > depending on python 2.7. And I consider those reports to be noise because > 90% of reported packages are not actually going to be removed (e.g., kmail, > korganizer, etc). > > So, I would like to be getting a security focused report useful for end users. > Is that possible? > Thank you! > >From the periodic script here are all the parameters: : ${security_status_pkgaudit_enable:=YES} : ${security_status_pkgaudit_period:=daily} : ${security_status_pkgaudit_quiet:=YES} : ${security_status_pkgaudit_chroots=$pkg_chroots} : ${security_status_pkgaudit_jails=$pkg_jails} : ${security_status_pkgaudit_jails_ignore+=""} : ${security_status_pkgaudit_expiry:=2} : ${security_status_pkgaudit_expiration:=YES} : ${security_status_pkgaudit_deprecation:=YES} Best regards, Bapt