Date:      Sun, 07 Dec 2014 08:11:25 -0500
From:      Lowell Gilbert <freebsd-lists@be-well.ilk.org>
To:        Jacob Helwig <jacob@technosorcery.net>
Cc:        freebsd-doc@freebsd.org
Subject:   Re: Issue with Handbook section 5.2
Message-ID:  <44388rwqo2.fsf@lowell-desk.lan>
In-Reply-To: <B06E0DF0-73F5-4B6B-A7B3-EFCCC9AD875A@technosorcery.net> (Jacob Helwig's message of "Sat, 6 Dec 2014 18:58:13 -0800")
References:  <B06E0DF0-73F5-4B6B-A7B3-EFCCC9AD875A@technosorcery.net>

Jacob Helwig <jacob@technosorcery.net> writes:

> In going through the FreeBSD Handbook (as of Sun Dec 7 02:44:11 UTC
> 2014), section 5.2 (Overview of Software Installation) mentions using
> ports-mgmt/portaudit to check for security issues.  Unfortunately,
> portaudit was removed from ports on October 13th[0].
>
> The commit that removed it says that "pkg audit" should be used
> instead ("portaudit expired when pkg_tools did, use pkg audit"), but
> as someone pretty new to FreeBSD, it's not clear that this would be
> appropriate for ports usage.  Is "pkg audit" appropriate?  The
> language in the warning section of this Handbook section suggests that
> "pkg audit" isn't appropriate outside of package use.  If "pkg audit"
> isn't appropriate, what should be used instead?

"pkg audit" is appropriate in all cases (for versions of FreeBSD still
supported), and the warning should be changed to so indicate. [I can't
produce a patch for a PR at the moment, but the changes needed are
minor (but not QUITE trivial).]

Your confusion comes from the fact that once installed, there is no
difference between ports and packages, and pkg(8) is the tool for
handling them. This is true regardless of whether you used pkg to
install them in the first place.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44388rwqo2.fsf>