Date: Fri, 11 Aug 2017 17:14:28 +0200
From: Remko Lodder <remko@FreeBSD.org>
To: Roger Marquis <marquis@roble.com>
Cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org
Subject: Re: pkg audit false negatives
Message-ID: <C540BA50-5F06-4F99-A575-D27347A3F527@FreeBSD.org>
In-Reply-To: <nycvar.OFS.7.76.1708101931090.13252@eboyr.pbz>
References: <nycvar.OFS.7.76.1708101931090.13252@eboyr.pbz>

Hi Roger,

> On 11 Aug 2017, at 04:41, Roger Marquis <marquis@roble.com> wrote:
>
> In the past pkg-audit and even pkg-version have not been reliable tools
> where installed ports or packages have been subsequently discontinued or
> renamed. Today, however, I notice that dovecot2 is still showing up in
> the output of pkg-version despite the port having been renamed to
> dovecot (without the numeric suffix) several days ago.

Yes, there is a difference between renaming a port, and renaming the
vuxml (which is the database behind pkg audit etc.) entries. The entries
are listed as ‘dovecot2-*’ there and when renaming a port these entries
should ideally be renamed too.

It seems that that was not under consideration at the name change
moment(s). I’ll try to look into this (starting by prodding the person(s)
who did the rename) and asking them to rename the entries in vuxml as well.

>
> Does this mean there has been a policy change? If so does it cover
> pkg-audit as well?

There had been no policy change. The application backend is just
matching on what was recorded at the moment it was added.

Thanks for the notification though, we should add that to the
porters-handbook.

Cheers
Remko

>
> Roger
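Added example, not part of the original message and not code from pkg or the FreeBSD project: a check for the situation described above, where VuXML entries still carry a port's old name after a rename. It assumes the ports tree's MOVED file format (port|moved-to|date|why) and that a package name equals the last component of its port origin; the sample data and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the vid, version and date are placeholders, not real data.
VUXML = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>dovecot -- constructed entry</topic>
    <affects><package><name>dovecot2</name>
      <range><lt>0.0.0</lt></range></package></affects>
  </vuln>
</vuxml>"""
MOVED = "# port|moved-to|date|why\nmail/dovecot2|mail/dovecot|0000-00-00|constructed rename line\n"
INSTALLED = ["dovecot", "nginx"]  # installed package names, without versions

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def vuxml_names(xml_text):
    """Return {package name: [vid, ...]} for every <package><name> entry."""
    names = {}
    for vuln in ET.fromstring(xml_text).iter():
        if local(vuln.tag) != "vuln":
            continue
        for pkg in (e for e in vuln.iter() if local(e.tag) == "package"):
            for name in (e for e in pkg if local(e.tag) == "name"):
                names.setdefault(name.text.strip(), []).append(vuln.get("vid"))
    return names

def former_names(moved_text):
    """Map a port's current name to the names it was renamed from (one hop)."""
    former = {}
    for line in moved_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        old, new, _date, _why = line.split("|", 3)
        if new:  # an empty destination means removed, not renamed
            # Assumption: package name == last component of the port origin.
            former.setdefault(new.split("/")[-1], set()).add(old.split("/")[-1])
    return former

def stale_entries(installed, names, former):
    """Installed packages whose former name still carries VuXML entries."""
    findings = {}
    for pkg in installed:
        hits = {old: names[old] for old in former.get(pkg, ()) if old in names}
        if hits:
            findings[pkg] = hits
    return findings

if __name__ == "__main__":
    print(stale_entries(INSTALLED, vuxml_names(VUXML), former_names(MOVED)))
```

Any package reported here has advisories recorded only under a name it no longer uses, so a name-based audit of the installed package would not match them.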