Subject: Re: Damn it! pkgsrc stupidity again
To: Ignatios Souvatzis <is@netbsd.org>
From: David Maxwell <david@vex.net>
List: tech-pkg
Date: 11/01/2006 09:49:29
On Wed, Nov 01, 2006 at 07:47:19AM +0100, Ignatios Souvatzis wrote:
> On Tue, Oct 31, 2006 at 04:30:20PM -0800, John Klos wrote:
> >
> > However, why does "make update" delete a package BEFORE reporting the
> > relevant package as insecure?
>
> Because it is checking the new package when building it.
It's certainly less convenient. It probably hasn't shown up as an issue
since vulnerable packages are relatively rare at any point in time.
A simple answer would be to check a second time, before the pkg_delete.
Yes, that means it will be done twice, but I don't think the update case
needs to be that micro-optimized.
--
David Maxwell, david@vex.net|david@maxwell.net -->
An organization gets what it rewards.
- Perry Metzger