Date: Sat, 3 Apr 2004 18:47:47 +0200 From: Marc Fonvieille <blackend@FreeBSD.org> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: doc/en_US.ISO8859-1/books/handbook/ports chapter.sgml Message-ID: <20040403164746.GA89587@abigail.blackend.org> In-Reply-To: <20040403163003.GE870@zaphod.nitro.dk> References: <200404031621.i33GLXi0093774@repoman.freebsd.org> <20040403163003.GE870@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
--h31gzZEtNLTqOjlF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Apr 03, 2004 at 06:30:04PM +0200, Simon L. Nielsen wrote: [...] > > Log: > > Add some warnings: people should check http://vuxml.freebsd.org/ befo= re > > installing any application. >=20 > Isn't that a bit overkill? Ports that have security issues are marked > FORBIDDEN so users can't install them. If people want extra securirty > they can use portaudit which checks the vuxml databases automatically. >=20 It's overkill for some persons but for persons who have old ports collection, packages on an old CD etc. it's not "too much" to point them to the security issues database. The security aspect was not really mentioned in the ports chapter. > I also think it would be very hard to check vuxml manually in many > cases, since ports can have a lot of dependencies, which might also > contain security problems. Well it's a VuXML issue :) However http://www.vuxml.org/freebsd/index-pkg.html is not a so bad thing. Marc --h31gzZEtNLTqOjlF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAbuqx81T1MWxkgcoRAtycAKCi5GllXHGojBwsnVdbTpN9j9nYpgCfbLiL 35FbxoYvvU7JW/l/uxMvLQ8= =jUt0 -----END PGP SIGNATURE----- --h31gzZEtNLTqOjlF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040403164746.GA89587>