Date: Thu, 18 Nov 2004 12:27:38 -0600
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
Cc: doc@freebsd.org
Subject: Re: ports vulnerabilities
Message-ID: <419CE99A.40404@daleco.biz>
In-Reply-To: <20041117150247.Q16295@prime.gushi.org>
References: <20041117150247.Q16295@prime.gushi.org>

Dan Mahoney, System Admin wrote:

> I had heard a bit about the new "vulnerability check" in
> FreeBSD's ports. I tried reading /usr/ports/updating and saw something
> like:
>
> Description: A new vulnerabilities database has been added to the
> ports system in order to keep more accurate, up-to-date, track of
> security vulnerabilities. The ports system now knows how to query
> that database and dynamically prevents the installation of vulnerable
> ports.
>
> I had to do some more digging around on various googles to find out
> that in order to USE this ability, I had to install the portaudit port.
> This seems like a useful feature, but I'm curious: Why isn't this in
> the base system?

I can't answer that, as I'm nobody special. The functionality is
rather new, and I'm assuming that either they wanted more "modularity"
in keeping with some other recent trends, or else they plan to put it
in base but haven't yet, or, quite possibly, it's not yet the
Best Thing(tm) to do for some reason that seems unclear to me
(and maybe to you as well...)

>
> I tried to install a port which had a conflict (ImageMagick)
> but I didn't feel the vulnerability was significant enough to
> warrant waiting for a new port to be created. I looked in
> the ports man page for an override environment variable,
> but "vulnerability check" isn't even mentioned there.
> Could this please get stuck into the manpages?
>
> -Dan Mahoney

I'm cc-ing to doc@ ... we'll see if anyone wants to comment.
[ Umm, yeah ... they're great guys, but busy. We'll see....]

You might also check with ports@ ... or just file a PR and see
what comes of it. It's also quite possible that spending some
time in the ports@ list archives might turn up some of the info
you're looking for....

Also, what manpage would you *expect* to see this information
in? You mention ports(7), but someone already thinks "this
manpage is too long" ;-)

Let discussion begin?

Kevin Kinsey
DaleCo, S.P.