From: Dan Langille
Date: Tue, 19 Oct 2004 16:41:01 -0400 (EDT)
To: "Jacques A. Vidrine"
Cc: freebsd-vuxml@freebsd.org
Subject: Re: can portaudit report a fixed date/version?

On Tue, 19 Oct 2004, Jacques A. Vidrine wrote:

> On Sun, Oct 17, 2004 at 08:13:02PM -0400, Dan Langille wrote:
> > Hi folks:
> >
> > I have portaudit installed. Each morning I get notified if there are any
> > vulnerabilities that I should know about. That's good.
> >
> > I think portaudit should also tell me if it knows there is a fix available
> > in the tree. That would immediately tell me that I can cvsup and get the
> > problem fixed.
> >
> > Comments?
>
> The VuXML format contains only which packages are affected, and not
> a direct indicator whether or not a fix has been applied. This is
> by design. Including that information would be redundant. From
> VuXML, you know what package versions are affected. From the Ports
> Collection, you know what package versions are available.

My thoughts were that an additional field could easily be added that
indicated whether or not a fix had been applied to the Ports Collection.
This would enable portaudit to report immediately.

> A tool such as portaudit could compute whether a fix is available or
> not for you. It might be a nice feature.

It would be a useful feature. It would save many admins quite a bit of
time.

--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/
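
The computation discussed in this thread (VuXML gives the affected version ranges, the Ports Collection gives the version currently available), as an added example that is not part of the original message and is not portaudit's code. The package name, versions and un-namespaced VuXML-style entry are constructed, and the version ordering is a simplified assumption, not the full pkg_version comparison.

```python
import re
import xml.etree.ElementTree as ET

# Constructed VuXML-style entry (hypothetical package and versions, no namespace).
VUXML = """
<vuln vid="00000000-0000-0000-0000-000000000000">
  <topic>exampled -- constructed sample entry</topic>
  <affects>
    <package>
      <name>exampled</name>
      <range><ge>2.0</ge><lt>2.0.4_1</lt></range>
    </package>
  </affects>
</vuln>
"""

def version_key(v):
    """Simplified VERSION[_REVISION][,EPOCH] ordering: epoch first, then the
    numeric dotted components, then revision (assumption, not pkg_version)."""
    v, _, epoch = v.partition(",")
    v, _, rev = v.partition("_")
    parts = tuple(int(n) for n in re.findall(r"\d+", v))
    return (int(epoch or 0), parts, int(rev or 0))

OPS = {
    "lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
    "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
    "eq": lambda a, b: a == b,
}

def is_affected(vuln_xml, name, version):
    """True if name-version falls inside any <range> of a matching <package>."""
    root = ET.fromstring(vuln_xml)
    for pkg in root.iter("package"):
        if name not in [n.text for n in pkg.findall("name")]:
            continue
        for rng in pkg.findall("range"):
            # All bounds inside one <range> must hold together.
            if all(OPS[b.tag](version_key(version), version_key(b.text)) for b in rng):
                return True
    return False

def audit(vuln_xml, name, installed, in_ports):
    """Classify an installed package against the version now in the ports tree."""
    if not is_affected(vuln_xml, name, installed):
        return "not affected"
    if is_affected(vuln_xml, name, in_ports):
        return "affected, no fix in ports yet"
    return "affected, fix available: update to " + in_ports
```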