can portaudit report a fixed date/version?
Dan Langille
dan at langille.org
Tue Oct 19 13:41:02 PDT 2004
On Tue, 19 Oct 2004, Jacques A. Vidrine wrote:
> On Sun, Oct 17, 2004 at 08:13:02PM -0400, Dan Langille wrote:
> > Hi folks:
> >
> > I have portaudit installed. Each morning I get notified if there are any
> > vulnerabilities that I should know about. That's good.
> >
> > I think portaudit should also tell me if it knows there is a fix available
> > in the tree. That would immediately tell me that I can cvsup and get the
> > problem fixed.
> >
> > Comments?
>
> The VuXML format contains only which packages are affected, and not
> an direct indicator whether or not a fix has been applied. This is
> by design. Including that information would be redundant. From
> VuXML, you know what package versions are affected. From the Ports
> Collection, you know what package versions are available.
My thoughts were that an additional field could easily be added that
indicated whether or not a fix had been applied to the Ports Collection.
This would enabled portaudit to report immediately.
> A tool such as portaudit could compute whether a fix is available or
> not for you. It might be a nice feature.
It would be a useful feature. It would save many admins quite a bit of
time.
--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/
More information about the freebsd-vuxml
mailing list