pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ANN: Availability of pkg(8)-capable pkgsrc



Hey John,

On 12 November 2016 at 21:18, John Marino <netbsd%marino.st@localhost> wrote:
> Do you understand that pkg(8) displays vulnerability information directly?
> It's not a "duplicate", it's a summary.  There's a difference.  But that's
> only the case for FreeBSD Ports.  For pkgsrc auditing you get none of that
> because it's not available in vuxml.
>
> tldr; it adds a LOT of value.
>
> This isn't really subjective.

What it boils down to is this change potentially means the
pkgsrc-security@ team has to change how they perform their role and
you're calling it when you're not going to be the one having to sift
through the mess of advisories to fish out information before
embarking on some XML.

Do we not get a say in this?

That's why I'm raising the point about "duplication", why am I copying
the same information out from one place & adding it in to another If
we're not adding anything? why not direct the user to the original
source and get out of the way.


Sevan


Home | Main Index | Thread Index | Old Index