Date: Fri, 21 Aug 2015 07:42:07 -0700 (PDT)
From: Roger Marquis
To: freebsd-pkg@freebsd.org
Subject: Re: pkg audit-pkg RFQ

Matthew Seaman wrote:
> pkg audit already takes an optional pkgname argument, and it will give
> you all the vulnerability reports for that package, even if not
> installed.

Great news, thanks Matt. Didn't see this while perusing the source code.
Perhaps the man page should be updated:

< audit Audit installed packages against known vulnerabilities.
> audit Audit installed packages or package/s specified on the command line against known vulnerabilities.

> What it doesn't do is filter by either the installed version or the
> available versions in your configured repos. That would be good
> functionality to have, but I don't think it warrants adding a whole extra
> verb to pkg(8); just a few command line flags to pkg audit.

Also doesn't parse stdin but I agree this should be easy to work around.

Roger
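
Review bot: the replacement line of the man page diff ("> audit Audit installed packages or package/s specified on the command line ...") leaves out the property quoted from Matthew Seaman in this same message, that a named package is reported on "even if not installed". Someone checking a package before installing it would want the summary to say so. Suggest wording along the lines of "Audit installed packages, or the packages named on the command line (installed or not), against known vulnerabilities", which also replaces "package/s" with a plain plural in keeping with man page style.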