Subject: Re: pkg/19479: pkgsrc waits until package is built to check for security alert
To: John Franklin <franklin@elfie.org>
From: Alistair Crooks <agc@wasabisystems.com>
List: tech-pkg
Date: 12/22/2002 10:08:10
On Fri, Dec 20, 2002 at 10:18:41PM -0500, John Franklin wrote:
> On Fri, Dec 20, 2002 at 04:59:26PM -0800, Jeremy C. Reed wrote:
> > On Fri, 20 Dec 2002 franklin@elfie.org wrote:
> > > Add checks early on in the make process that a package has a security
> > > alert issued for it.
> > 
> > Are you talking about audit-packages?
> > 
> > Are you suggesting checking the vulnerabilities list at beginning of the
> > make? That does sound like an okay idea (if audit-packages is installed).
> 
> Yes, and yes.

pkg_info(1) used to need an installed package name for it to do its
matching.  Hence the check at install time for a vulnerable package.

I'm still not too chuffed about the interface that pkg_admin has.

More as it happens,
Alistair