From: Andriy Gapon
Date: Fri, 19 Nov 2021 11:17:43 +0200
Subject: Re: pkg audit: security problems only
To: Baptiste Daroussin
Cc: FreeBSD Ports
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

On 19/11/2021 10:47, Baptiste Daroussin wrote:
> On Fri, Nov 19, 2021 at 10:31:37AM +0200, Andriy Gapon wrote:
>>
>> Is there an option to limit pkg audit to report security problems only?
>>
>> Right now the corresponding periodic script reports a lot of (what I
>> consider to be) noise every night. It's about deprecated packages, mostly
>> depending on python 2.7. And I consider those reports to be noise because
>> 90% of reported packages are not actually going to be removed (e.g., kmail,
>> korganizer, etc).
>>
>> So, I would like to be getting a security focused report useful for end users.
>> Is that possible?
>> Thank you!
>>
>
> From the periodic script here are all the parameters:
>
> : ${security_status_pkgaudit_enable:=YES}
> : ${security_status_pkgaudit_period:=daily}
> : ${security_status_pkgaudit_quiet:=YES}
> : ${security_status_pkgaudit_chroots=$pkg_chroots}
> : ${security_status_pkgaudit_jails=$pkg_jails}
> : ${security_status_pkgaudit_jails_ignore+=""}
> : ${security_status_pkgaudit_expiry:=2}
> : ${security_status_pkgaudit_expiration:=YES}
> : ${security_status_pkgaudit_deprecation:=YES}

Thank you!
Before asking I checked two places, pkg help audit and /etc/periodic, and I came
up empty. I didn't think of checking /usr/local/etc/periodic/ or pkg annotate.

-- 
Andriy Gapon