[src/trunk]: src/usr.sbin/pkg_install/add Document the vulnerable subdir.

[wiz <wiz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/1ec675274b31
branches:  trunk
changeset: 580733:1ec675274b31
user:      wiz <wiz%NetBSD.org@localhost>
date:      Fri May 06 22:45:56 2005 +0000

description:
Document the vulnerable subdir.
Reviewed by dillo and rillig.
Some minor fixes while I am here. Bump date.

diffstat:

 usr.sbin/pkg_install/add/pkg_add.1 |  39 +++++++++++++++++++++++++++++++------
 1 files changed, 32 insertions(+), 7 deletions(-)

diffs (80 lines):

diff -r 7f7bbfb29201 -r 1ec675274b31 usr.sbin/pkg_install/add/pkg_add.1
--- a/usr.sbin/pkg_install/add/pkg_add.1        Fri May 06 22:32:55 2005 +0000
+++ b/usr.sbin/pkg_install/add/pkg_add.1        Fri May 06 22:45:56 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_add.1,v 1.57 2005/02/26 14:09:57 grant Exp $
+.\" $NetBSD: pkg_add.1,v 1.58 2005/05/06 22:45:56 wiz Exp $
 .\"
 .\" FreeBSD install - a package for the installation and maintenance
 .\" of non-core utilities.
@@ -17,7 +17,7 @@
 .\"
 .\"     @(#)pkg_add.1
 .\"
-.Dd February 4, 2005
+.Dd May 7, 2005
 .Dt PKG_ADD 1
 .Os
 .Sh NAME
@@ -582,7 +582,7 @@
 .Pp
 You can specify a compiled binary package explicitly on the command line.
 .Bd -literal
-# pkg_add /usr/pkgsrc/packages/All/tcsh-6.10.00.tgz
+# pkg_add /usr/pkgsrc/packages/All/tcsh-6.14.00.tgz
 .Ed
 .Pp
 If you omit the version number,
@@ -596,16 +596,41 @@
 # pkg_add -v /usr/pkgsrc/packages/All/unzip
 .Ed
 .Pp
-You can grab a compiled binary package from remote location, by specifying
+You can grab a compiled binary package from remote location by specifying
 a URL.
 The URL can be put into an environment variable,
 .Ev PKG_PATH .
 .Bd -literal
-# pkg_add -v ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All/mozilla-1.7.3nb2.tgz
+# pkg_add -v ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All/firefox-1.0.3.tgz
 
 # export PKG_PATH=ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All
-# pkg_add -v mozilla
+# pkg_add -v firefox
 .Ed
+.Pp
+Over time, as problems are found in packages, they will be moved
+from the
+.Pa All
+subdirectory into the
+.Pa vulnerable
+subdirectory.
+If you want to accept vulnerable packages by default
+(and know what you are doing),
+you can add the
+.Pa vulnerable
+directory to your
+.Ev PKG_PATH
+like this:
+.Bd -literal
+# export PKG_PATH="ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All;ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/vulnerable";
+.Ed
+.Pp
+(The quotes are needed because semicolon
+.Pq Sq \&;
+is a shell meta-character.)
+If you do this, consider installing and using the
+.Pa security/audit-packages
+package and running it after every
+.Nm .
 .Sh SEE ALSO
 .Xr pkg_admin 1 ,
 .Xr pkg_create 1 ,
@@ -642,6 +667,6 @@
 value returned by
 .Fn sysconf _SC_ARG_MAX ) .
 .Pp
-Pkg upgrading needs a lot more work to be really universal.
+Package upgrading needs a lot more work to be really universal.
 .Pp
 Sure to be others.