Subject: Re: pkg-vulnerabilities error message
To: Martin Weber <Ephaeton@gmx.net>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 01/04/2004 09:29:04
On Tue, Dec 30, 2003 at 12:21:44AM +0100, Martin Weber wrote:
> On Mon, Dec 29, 2003 at 11:58:02AM -0500, Perry E. Metzger wrote:
> >
> > Michal Pasternak <michal@pasternak.w.lub.pl> writes:
> > > Perry E. Metzger [Mon, Dec 29, 2003 at 11:20:41AM -0500]:
> > >> We really either need to remove that message, or add a job that
> > >> automatically tweaks the vulnerability list if it hasn't been touched
> > >> in a few days. Getting this message spuriously is a serious pain in
> > >> the neck -- we should not generate errors if all is well.
> > >
> > > And how do you know if it is really all well?
> >
> > If you can download the file without any trouble, then you should not
> > be screaming. At worst, an alarm should be screaming for the pkgsrc
> > maintainers, not for each of the tens of thousands of users.
>
> ...
>
> 221-
> Data traffic for this session was 40312 bytes in 1 file.
> Total traffic for this session was 44634 bytes in 1 transfer.
> 221 Thank you for using the FTP service on ftp.NetBSD.org.
> No change from existing package vulnerabilities file
>
> ...
>
> This implies a successful attempt of the system administrator (or
> cron) to fetch the vulnerabilities file. If you patch
> download-vulnerability-list like this ...
...you'd lose useful information.
I've changed audit-packages to only output the "over 7 days" message if
-v is specified on the command line.
Regards,
Alistair
--
Alistair Crooks <agc@pkgsrc.org>