> I finally gave up and deleted the db at > /var/db/portaudit/auditfile.tbz and then did the upgrade. > > It still flags firefox as a vulnerability, even though the problem it > references is supposed to be explicitly fixed in the version I have > installed (window injection vulnerability). > > Of course, you can the method described by another poster to get that > list, but I haven't been able to get portaudit to actually let me > upgrade. Even the portupgrade -f flag won't work and simply building > the port manually is also disabled for flagged ports. > > Portaudit seems more a hard lockdown than a warning system. I think > either I am not understanding how to manage it yet, or it has a couple > issues that have not been hammered out yet. Manpages don't have much > detail about this issue. I haven't had a chance to check on the > existence of a bug report yet, because I want to hunt down all the > docs I can first.
no need to fiddle with portaudit, as these can be fed directly to make or to portupgrade (with the -m flag). building ports despite vulnerabilities: -DDISABLE_VULNERABILITIES building ports despite ignore: -DNO_IGNORE to my knowledge, these are not yet documented anywhere but here in the mailing lists. i believe that the doc project is already looking to integrate this info into the ports manpage (or somewhere else equally sensible). on the off chance that they lost sight of this target, i'm adding them to cc. (: thank you docs team :) hth. cheers, epi _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
