pkg audit-pkg RFQ

Roger Marquis marquis at roble.com
Fri Aug 21 00:41:30 UTC 2015


Short of manually populating a temporary local.sqlite, what might be more
extensible is a new pkg flag.

I believe it would be straightforward to add an "audit-pkg" flag (i.e., "pkg
audit-pkg [$pkgname] [...]") for either a single package or a list of
packages, on the command line or via stdin, installed or not, and return a
report on the vulnerability status of the specified ports/packages? 
Essentially the same as "pkg audit" but with port/package names specified
rather than derived from local.sqlite.

As this patch would be for my own use it wouldn't have to be added to the port
(though others may also find it useful).  Anyone interested in working on this
in the short term please send me an estimate of your schedule and the cost.

Roger Marquis


>I need to run a sort of ad hoc 'pkg audit' for various scenarios without
>actually installing packages (some of which are no longer available).
>Has anyone done this and, if so, how?  Did you populate local.sqlite's packages
>table manually?  What did the sql command look like?
>
>Is there a better way to do this?
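
The name-driven check discussed in this message, as an added example that is not part of the original post and is not pkg's code: it matches "name-version" strings against VuXML-format entries without consulting local.sqlite. The function names, the sample entries and the simplified version ordering (epoch, numeric components, port revision) are assumptions of this example, not pkg's own comparison algorithm.

```python
import re
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}
# Constructed VuXML fragment; vids, package names and versions are made up.
SAMPLE_VUXML = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>examplepkg -- constructed sample entry</topic>
    <affects><package><name>examplepkg</name>
      <range><ge>2.0</ge><lt>2.4.1_1</lt></range></package></affects>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000002">
    <topic>otherpkg -- constructed sample entry</topic>
    <affects><package><name>otherpkg</name>
      <range><lt>1.10,1</lt></range></package></affects>
  </vuln>
</vuxml>"""

def version_key(version):
    """Simplified ordering key (assumption): (epoch, numeric parts, portrevision)."""
    version, _, epoch = version.partition(",")
    version, _, revision = version.partition("_")
    parts = tuple(int(n) for n in re.findall(r"\d+", version))
    return (int(epoch or 0), parts, int(revision or 0))

OPS = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
       "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
       "eq": lambda a, b: a == b}

def split_pkg(spec):
    """Split 'name-version' at the last hyphen, e.g. 'py-foo-1.2_1'."""
    name, _, version = spec.rpartition("-")
    return name, version

def audit(specs, vuxml_text=SAMPLE_VUXML):
    """Return [(spec, vid, topic)] for each listed package inside an affected range."""
    root = ET.fromstring(vuxml_text)
    findings = []
    for spec in specs:
        name, version = split_pkg(spec)
        key = version_key(version)
        for vuln in root.findall("v:vuln", NS):
            for pkg in vuln.findall("v:affects/v:package", NS):
                if name not in [n.text for n in pkg.findall("v:name", NS)]:
                    continue
                for rng in pkg.findall("v:range", NS):
                    bounds = [(b.tag.split("}")[1], b.text) for b in rng]
                    if all(OPS[op](key, version_key(v)) for op, v in bounds):
                        findings.append((spec, vuln.get("vid"), vuln.findtext("v:topic", namespaces=NS)))
    return findings
```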



More information about the freebsd-pkg mailing list