Subject: ALLOW_VULNERABLE_PACKAGES should be precise
To: None <tech-pkg@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 08/26/2005 00:39:44
Instead of defining ALLOW_VULNERABLE_PACKAGES if this package is absolutely 
essential, we should require that it be set to the package name itself.

That way if someone chose to define ALLOW_VULNERABLE_PACKAGES for one 
particular package they can't bypass the vulnerabilities warning in 
another package.

ALLOW_VULNERABLE_PACKAGES+= gcpio foo bar baz

In fact, we could make it even more precise by including the version and 
PKGREVISION, such as:

bmake ALLOW_VULNERABLE_PACKAGES=gcpio-2.5nb1 install

Thoughts?

(I wonder if anyone sets ALLOW_VULNERABLE_PACKAGES in their mk.conf...)

  Jeremy C. Reed

  Media Relations and Publishing Services
  http://www.reedmedia.net/
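
The matching rule proposed in the message above, sketched as an added example that is not part of the original post and is not pkgsrc code. The helper name vuln_allowed is hypothetical, and it assumes PKGNAME has the form PKGBASE-version with no hyphen inside the version.

```shell
#!/bin/sh
# Added illustration; vuln_allowed is a hypothetical helper, not pkgsrc code.
# Usage: vuln_allowed PKGNAME "value of ALLOW_VULNERABLE_PACKAGES"
# Exit status 0: the list names this package, so the vulnerability check
#                may be bypassed for it.
# Exit status 1: the package is not listed, so the check stays in force.
#
# An entry matches either by base name (gcpio) or by the full name with
# version and PKGREVISION (gcpio-2.5nb1). A bare "yes"-style value matches
# nothing, so a setting made for one package cannot cover another.
# The body runs in a subshell so that "set -f" does not leak to the caller.
vuln_allowed() (
    pkgname=$1
    allow_list=$2
    # Assumption: the version part never contains a hyphen, so removing the
    # shortest "-*" suffix yields the base name even for multi-hyphen names
    # such as p5-Net-SSLeay-1.25.
    pkgbase=${pkgname%-*}
    set -f    # list entries are literal names, never glob patterns
    for entry in $allow_list; do
        case $entry in
        "$pkgname"|"$pkgbase")
            exit 0 ;;
        esac
    done
    exit 1
)
```

A versioned entry is the stricter form: once the package is updated to a new PKGREVISION, the old entry no longer matches and the vulnerability check applies again until the override is renewed.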