Subject: Re: Handling of security reports for bootstrapped pkgsrc tools on non-NetBSD OSes
To: Adrian Portelli <>
From: Daniel Carosone <>
List: tech-security
Date: 01/10/2005 21:22:17
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jan 10, 2005 at 09:50:28AM +0000, Adrian Portelli wrote:
> Now for the first list it looks like the bootstrap process just dives=20
> into the relevant part of pkgsrc src and builds and installs the=20
> packages it needs.  So we should look to maybe adding some extra entries=
> to the initial pkgdbdir that's created to cover these.  That way an=20
> audit-packages run will pick these up.

I spoke to Grant a while back about exactly this: sythesising db
entries for these 'packages', to facilitate later upgrades.=20

It's somewhere on the radar, not sure exactly where.

> Now for the second list . . . an entry for bootstrap its self in pkgdbdir=

Would be good.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.0 (NetBSD)

