From owner-freebsd-vuxml@FreeBSD.ORG Tue Oct 19 21:33:55 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B050416A4CE for ; Tue, 19 Oct 2004 21:33:55 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 56A8943D4C for ; Tue, 19 Oct 2004 21:33:55 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id D302B5485D; Tue, 19 Oct 2004 16:33:54 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 49447-04; Tue, 19 Oct 2004 16:33:44 -0500 (CDT) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id 36F835482B; Tue, 19 Oct 2004 16:33:44 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id 16FB06D468; Tue, 19 Oct 2004 16:33:30 -0500 (CDT) Date: Tue, 19 Oct 2004 16:33:30 -0500 From: "Jacques A. Vidrine" To: Dan Langille Message-ID: <20041019213329.GB45466@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Dan Langille , freebsd-vuxml@freebsd.org References: <20041017201037.V55729@xeon.unixathome.org> <20041019145952.GA22119@madman.celabo.org> <20041019163753.U74644@xeon.unixathome.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041019163753.U74644@xeon.unixathome.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: freebsd-vuxml@freebsd.org Subject: Re: can portaudit report a fixed date/version? X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Oct 2004 21:33:55 -0000 On Tue, Oct 19, 2004 at 04:41:01PM -0400, Dan Langille wrote: > My thoughts were that an additional field could easily be added It could be easily added, but I'm not sure that it would be easily maintained. Today, we can fairly accurately predict what currently non-existent versions of the port will be fixed when we fill out . That means that in the vast majority of cases, when the port has been fixed, no one needs to do anything special: the new version automatically shows up as not affected. If we make this explicit instead, then it is extra work. Additionally, there is the evil of duplicating data, which I mostly want to avoid. But, why not throw out a strawman example of what you mean so that we can get more discussion going about it? > that indicated whether or not a fix had been applied to the Ports > Collection. This would enabled portaudit to report immediately. > > > A tool such as portaudit could compute whether a fix is available or > > not for you. It might be a nice feature. > > It would be a useful feature. Maybe the portaudit author will add it. It is mostly trivial. I can, however, think of at least one edge case where it is *not* trivial--- e.g. the `fix' involves a change in the package name. > It would save many admins quite a bit of time. How so? (serious question) Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org