Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 Aug 2017 14:47:37 -0700 (PDT)
From:      Roger Marquis <marquis@roble.com>
To:        Remko Lodder <remko@FreeBSD.org>
Cc:        freebsd-security@freebsd.org, freebsd-pkg@freebsd.org
Subject:   Re: pkg audit false negatives
Message-ID:  <nycvar.OFS.7.76.1708111441430.53156@eboyr.pbz>
In-Reply-To: <D12FD70B-2F2B-4895-AB9D-1BD72F8512B6@FreeBSD.org>
References:  <nycvar.OFS.7.76.1708101931090.13252@eboyr.pbz> <C540BA50-5F06-4F99-A575-D27347A3F527@FreeBSD.org> <D12FD70B-2F2B-4895-AB9D-1BD72F8512B6@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
> It had been resolved for dovecot (it will now match both variants, since people might still have
> the old variant of the port installed) and there is a new paragraph added to the porters handbook
> which tells that we need to have a look at the vuxml entries.

Thanks Remko.

> Hope this solves your issue,

It may for renamed ports/pkgs but doesn't appear to for deprecations.
Once ports are dropped they do not show up in pkg-audit despite having
been installed via pkg and/or ports.  That's the false negative that
appears to still be a problem.

Roger



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nycvar.OFS.7.76.1708111441430.53156>