Re: pkg/54048

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,tiago%seco.ws@localhost
Subject: Re: pkg/54048
From: Jonathan Perkin <jperkin%joyent.com@localhost>
Date: Mon, 19 Oct 2020 14:55:01 +0000 (UTC)

The following reply was made to PR pkg/54048; it has been noted by GNATS.

From: Jonathan Perkin <jperkin%joyent.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost,
	tiago%seco.ws@localhost
Subject: Re: pkg/54048
Date: Mon, 19 Oct 2020 15:52:49 +0100

 The pkgsrc-security key has been updated, which will no longer cause
 failures, but you will still see warnings due to the key being signed
 by newer GnuPG keys (as far as we're aware).

 For now I'm using this quick hack in my SmartOS/illumos and macOS
 package sets to just ignore the warning:

   https://github.com/joyent/pkgsrc/commit/1a171bc4c27a22eceb284af2e221fbef66282a4c

 and "pkg_admin check-pkg-vulnerabilities -s" works again.

 The NetBSD netpgp has been correctly patched to handle the subpacket,
 and I'm hoping netpgpverify will also have a proper fix in due course.

 -- 
 Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com

Prev by Date: Re: pkg/54048
Next by Date: Re: pkg/23245 (security/stunnel does not terminate properly.)
Previous by Thread: Re: pkg/54048
Next by Thread: Re: pkg/54056 (Python27 fails to build on Fedora 29)
Indexes:

Home | Main Index | Thread Index | Old Index