From owner-freebsd-stable Tue Apr 24 12: 8:28 2001 Delivered-To: freebsd-stable@freebsd.org Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.43.88]) by hub.freebsd.org (Postfix) with ESMTP id 7271B37B43C; Tue, 24 Apr 2001 12:08:22 -0700 (PDT) (envelope-from bmah@cisco.com) Received: from bmah-freebsd-0.cisco.com (bmah-freebsd-0.cisco.com [171.70.84.42]) by sj-msg-core-2.cisco.com (8.9.3/8.9.1) with ESMTP id MAA17785; Tue, 24 Apr 2001 12:08:25 -0700 (PDT) Received: (from bmah@localhost) by bmah-freebsd-0.cisco.com (8.11.3/8.11.1) id f3OJ7u103414; Tue, 24 Apr 2001 12:07:56 -0700 (PDT) (envelope-from bmah) Message-Id: <200104241907.f3OJ7u103414@bmah-freebsd-0.cisco.com> X-Mailer: exmh version 2.3.1 01/19/2001 with nmh-1.0.4 To: Kris Kennaway Cc: Sean Chittenden , Calvin NG , Sean Chittenden , Jeff Kletsky , freebsd-stable@FreeBSD.ORG, bmah@FreeBSD.ORG Subject: Re: pkg_version perl hacker project In-Reply-To: <20010424120052.H89156@xor.obsecurity.org> References: <20010423231827.A19530@rand.tgd.net> <20010424142340.E5216@brel.com> <20010424014833.B19530@rand.tgd.net> <20010424120052.H89156@xor.obsecurity.org> Comments: In-reply-to Kris Kennaway message dated "Tue, 24 Apr 2001 12:00:52 -0700." From: bmah@FreeBSD.ORG (Bruce A. Mah) Reply-To: bmah@FreeBSD.ORG X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A 2V%N&+ X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif X-Url: http://www.employees.org/~bmah/ Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-753634348P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 24 Apr 2001 12:07:56 -0700 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --==_Exmh_-753634348P Content-Type: text/plain; charset=us-ascii If memory serves me right, Kris Kennaway wrote: Couple o' random thoughts, don't have time to look into this myself... > This could be done as an extension to pkg_version, since much of the > code you will need to manage versions is already there, and it's a > logical extension of that program's function. Or you can use pkg_version's -t flag to help with the comparisons if you think running as a separate script is better. > NetBSD have a port called audit-packages which does something similar, > but not quite the same as the above (last I checked) -- it might still > be useful as a starting point. Think about where to put the parsed set of vulnerable packages. It might live under /usr/ports or reside somewhere on the network. Use fetch(1) to grab it from there, like pkg_version does for the INDEX file. Bruce. PS. Jeff Kletsky, sorry I haven't looked at your dependency graphing tool...I'm mildly thrashing right now. Sounds pretty neat though! --==_Exmh_-753634348P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: Exmh version 2.2 06/23/2000 iD8DBQE65c8M2MoxcVugUsMRAkbnAJ9JTeUOiZNkhcUtagiouDJNMatd3QCg8ZQT oVZy3+zh045FL+GEZDsUL54= =o/j+ -----END PGP SIGNATURE----- --==_Exmh_-753634348P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message