Folks - I'm coming to the conclusion that for hosts on which I'm using the system 
version of various tools[1], I have bad visibility of when these versions of 
the packages become insecure and require an update.

Given that we don't have system packages to list in some manner similar to 
pkgsrc packages, what is the best method for comparing these against the 
content of the vulnerabilities file?

I tend to use the released versions of the OS from the relevant .iso - as part 
of the build process would it make sense to produce a file somewhere in /etc 
which lists the various bundled package versions grouped by install set?

Alternatively, has anyone got a guide for how to disable/replace as many of the 
system-supplied packages as possible with their pkgsrc equivalents and get around 
the visibility problem that way?  This may be preferable as then we can update 
individual packages as required.

Regards,
Malcolm

[1] sshd, named/bind, postfix in the main

-- 
Malcolm Herbert
m...@mjch.net
