Re: HEADS UP: security/audit-packages removal

To: pkgsrc-users%NetBSD.org@localhost
Subject: Re: HEADS UP: security/audit-packages removal
From: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
Date: Tue, 8 Jan 2008 17:00:24 -0600 (CST)

I don't see what the problem is with removing security/audit-packages.

Removing the security/audit-packages from pkgsrc doesn't remove the 
package from the user's system.

And if the user doesn't already use it, it doesn't matter.

If they choose to use someday, then they can choose to update their 
pkg_install (if they still don't have it).

As for the vulnerabilities database itself, maybe it should be maintained 
for a couple quarters.

Also once we choose end-of-life for the package and the database, the 
pkg-vulnerabilities file itself should be updated with a new 
audit-packages entry to point to it.

Or maybe keep the audit-packages for more quarters but have it fail to 
build because of the audit-packages entry (which will inform those who 
already have it) and add some custom variable also to inform others (can't 
install without setting it).

References:
- HEADS UP: security/audit-packages removal
  - From: Adrian Portelli
- Re: HEADS UP: security/audit-packages removal
  - From: Greg Troxel
- Re: HEADS UP: security/audit-packages removal
  - From: Adrian Portelli
- Re: HEADS UP: security/audit-packages removal
  - From: Greg Troxel
- Re: HEADS UP: security/audit-packages removal
  - From: Joerg Sonnenberger
- Re: HEADS UP: security/audit-packages removal
  - From: Greg Troxel
- Re: HEADS UP: security/audit-packages removal
  - From: Matthias Scheler
- Re: HEADS UP: security/audit-packages removal
  - From: Adrian Portelli

Prev by Date: Re: HEADS UP: security/audit-packages removal
Next by Date: Re: Update pkgsrc/devel/netbeans-ide?
Previous by Thread: Re: HEADS UP: security/audit-packages removal
Next by Thread: subversion-base problem (I think it was neon)
Indexes:

Home | Main Index | Thread Index | Old Index