pkg audit false negatives
Remko Lodder
remko at FreeBSD.org
Fri Aug 11 18:45:47 UTC 2017
Hi Roger,
> On 11 Aug 2017, at 17:14, Remko Lodder <remko at freebsd.org> wrote:
>
> Hi Roger,
>
>> On 11 Aug 2017, at 04:41, Roger Marquis <marquis at roble.com> wrote:
>>
>> In the past pkg-audit and even pkg-version have not been reliable tools
>> where installed ports or packages have been subsequently discontinued or
>> renamed. Today, however, I notice that dovecot2 is still showing up in
>> the output of pkg-version despite the port having been renamed to
>> dovecot (without the numeric suffix) several days ago.
>
It had been resolved for dovecot (it will now match both variants, since people might still have
the old variant of the port installed) and there is a new paragraph added to the porters handbook
which tells that we need to have a look at the vuxml entries.
Hope this solves your issue,
Remko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170811/843d2064/attachment.sig>
More information about the freebsd-security
mailing list