On Wed, 4 Feb 2004 21:26:01 +0200
Ion-Mihai Tetcu <[EMAIL PROTECTED]> wrote:
> >>> Type: FEATURE
> Title: Do not install ports with security vulnerabilities
> Now, maybe this could be clarified a little bit in CHANGES ?
> For using the new security feature of ports infrastructure, you should:
> cd /usr/ports/security/portaudit; make install
Note that this is a prerelease version, it is mostly usable for
committers that want to contribute to the project, and can currently
not be relied upon as an extensive security auditing tool.
> To test:
> cd /usr/ports/security/vulnerability-test-port
> make INSTALLATION_DATE=`date -u -v-14d "+%Y.%m.%d"` install
> A message like this should appear:
> ===> vulnerability-test-port-2004.01.14 has known vulnerabilities:
> >> Not vulnerable, just a test port (database: 2004-01-28).
> >> Please update your ports tree and try again.
> *** Error code 1
> If you don't install this port, for the majority of make's targtets you
> will get the following message:
> ===> Vulnerability check disabled
> IMHO, as this is a log desired feature, a news on annouce@ / security /
> security-notifications could be send.
> Now, what is the status of the vulnerabilities database ?
Did I just responded to my question ?
Unregistered ;) FreeBSD user
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"