On Jun 5, 2014, at 1:35 AM, Jonathan Perkin via smartos-discuss <[email protected]> wrote: > > It's worth noting at this point that pkgsrc has native support for > reporting on vulnerable packages. We have a pkgsrc security team who > maintain a file containing all known vulnerabilities, and it is > matched against the packages you have installed.
"worth noting" is a massive understatement! This is a valuable service that should be trumpeted, especially in these days of OpenSSL-patch-du-jour -- richard > To use it, run: > > $ pkg_admin fetch-pkg-vulnerabilities > $ pkg_admin audit > > You may find with older images that there are rather a lot of matching > vulnerabilities! > > Regards, > > -- > Jonathan Perkin - Joyent, Inc. - www.joyent.com > ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
