On Sat, 9 May 2020 at 08:46, Ottavio Caruso <ottavio2006-usenet2...@yahoo.com> wrote: > > [Adding netbsd-docs@ to recipients] > > On Sat, 9 May 2020 at 05:57, Martin Husemann <mar...@duskware.de> wrote: > > > > On Sat, May 09, 2020 at 01:00:18AM +0200, Jesus Cea wrote: > > > According to > > > <https://www.netbsd.org/docs/pkgsrc/faq.html#audit-packages>, the > > > vulnerability file is available at > > > <ftp://ftp.NetBSD.org/pkgsrc/distfiles/pkg-vulnerabilities>. That URL is > > > wrong. > > > > Why do you think so? > > > > > The right one is > > > <ftp://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities>. > > > > That one does not exist. > > > > Martin > > Valid point. > > However, on a standard pkgsrc bootstrap, the url is automatically adjusted to: > > $ sudo pkg_admin config-var PKGVULNURL > http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz > > even without initialising pkg_install.conf. > > So: the guide is wrong but pkg_admin does fetch a valid vulnerability file.
Apologies: I have misquoted. The "valid point" was meant to be on Jesus Cea's original post. -- Ottavio Caruso
