Date: Mon, 09 Oct 2017 23:55:22 +0200
From: Jan Beich <jbeich@FreeBSD.org>
To: Steve Wills <swills@FreeBSD.org>
Cc: Matthew Seaman <matthew@FreeBSD.org>, ale@Freebsd.org, freebsd-ports@freebsd.org
Subject: Re: New pkg audit FNs
Message-ID: <o9pg-ouk5-wny@FreeBSD.org>
In-Reply-To: <d56ddf99-a1fc-e813-67ed-ea6d65c8211f@FreeBSD.org> (Steve Wills's message of "Mon, 9 Oct 2017 17:09:28 -0400")
References: <nycvar.OFS.7.76.1710090833020.60492@eboyr.pbz> <b63f2936-e922-4a90-f256-6d7870dbd55b@FreeBSD.org> <tvz8-rrf3-wny@FreeBSD.org> <d56ddf99-a1fc-e813-67ed-ea6d65c8211f@FreeBSD.org>
Steve Wills <swills@FreeBSD.org> writes:

> Hi,
>
> On 10/09/2017 16:34, Jan Beich wrote:
>> Matthew Seaman <matthew@FreeBSD.org> writes:
>>
>>> On 09/10/2017 16:57, Roger Marquis wrote:
>>>
>>>> Can anyone say what mechanisms the ports-security team might have in
>>>> place to monitor CVEs and port software versions?
>
> I've been hacking at a prototype for scanning what I can find:
>
> https://github.com/swills/nvd_to_new_vuxml

Wouldn't that encourage copypasta, exacerbating the filesize issue? Why not
teach pkg-audit(8) to query NVD based on CPE annotations in *binary*
packages? Doing so would also provide a workaround for VuXML entries
cancelled to reduce bloat.
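The lookup the message proposes, sketched as an added example (editor's illustration, not code from pkg(8), the ports tree, or Steve Wills's prototype): read the `cpe` annotation that USES=cpe ports write into binary packages and match it against NVD-style `cpe_match` entries. The `pkg query -a '%n-%v %At %Av'` invocation, the sample package lines, the `example:*` products and the `CVE-0000-*` identifiers are all constructed for the illustration; the `cpe23Uri` / `version*Including` / `version*Excluding` keys follow the NVD JSON feed naming, but the entries below are made up and describe no real vulnerability.

```python
"""Match pkg(8) CPE annotations against NVD-style cpe_match entries.

Editor's illustration only. All input data here is constructed.
"""
import re

# Assumed invocation (editor's assumption, not pkg-audit's own logic):
#   pkg query -a '%n-%v %At %Av'
# Lines whose annotation tag is not `cpe` are ignored. Constructed sample:
SAMPLE_PKG_QUERY = """\
widget-1.4.2 cpe cpe:2.3:a:example:widget:1.4.2:*:*:*:*:*:*:*
widget-1.4.2 repository FreeBSD
gadget-2.0_1 cpe cpe:2.3:a:example:gadget:2.0:*:*:*:*:*:*:*
gizmo-3.1.0 cpe cpe:2.3:a:example:gizmo:3.1.0:*:*:*:*:*:*:*
"""

# Constructed stand-in for NVD feed `cpe_match` objects (same key names
# as the NVD JSON feeds, fictitious products and CVE ids).
SAMPLE_NVD_MATCHES = [
    {"cve": "CVE-0000-0001",
     "cpe23Uri": "cpe:2.3:a:example:widget:*:*:*:*:*:*:*:*",
     "versionEndExcluding": "1.5.0"},
    {"cve": "CVE-0000-0002",
     "cpe23Uri": "cpe:2.3:a:example:gadget:2.1:*:*:*:*:*:*:*"},
    {"cve": "CVE-0000-0003",
     "cpe23Uri": "cpe:2.3:a:example:gizmo:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "3.0", "versionEndIncluding": "3.0.9"},
]


def split_cpe23(s):
    """Split a CPE 2.3 formatted string on unescaped colons (\\: is literal)."""
    fields, cur, i = [], [], 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):
            cur.append(s[i + 1])
            i += 2
            continue
        if c == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    fields.append("".join(cur))
    return fields


def parse_cpe23(s):
    """Return the 11 CPE 2.3 components as a lower-cased dict."""
    parts = split_cpe23(s)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError("not a CPE 2.3 formatted string: " + s)
    keys = ("part", "vendor", "product", "version", "update", "edition",
            "language", "sw_edition", "target_sw", "target_hw", "other")
    return dict(zip(keys, (p.lower() for p in parts[2:])))


def version_key(v):
    """Sort key for dotted versions: numeric runs as ints, letters as text."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[a-zA-Z]+", v))


def in_range(version, m):
    """Apply the NVD range fields of one cpe_match entry to a version."""
    k = version_key(version)
    if "versionStartIncluding" in m and k < version_key(m["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in m and k <= version_key(m["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in m and k > version_key(m["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in m and k >= version_key(m["versionEndExcluding"]):
        return False
    return True


def cpe_matches(pkg_cpe, m):
    """True if the package CPE falls under the cpe_match entry."""
    nvd = parse_cpe23(m["cpe23Uri"])
    for f in ("part", "vendor", "product"):
        if nvd[f] != "*" and nvd[f] != pkg_cpe[f]:
            return False
    if nvd["version"] == "*":
        return in_range(pkg_cpe["version"], m)
    return nvd["version"] == pkg_cpe["version"]


def package_cpes(pkg_query_output):
    """Yield (pkgname-version, parsed CPE) for each `cpe` annotation line."""
    for line in pkg_query_output.splitlines():
        try:
            pkg, tag, value = line.split(None, 2)
        except ValueError:
            continue
        if tag == "cpe":
            yield pkg, parse_cpe23(value)


def audit(pkg_query_output, nvd_matches):
    """Return (package, CVE) pairs for every matching cpe_match entry."""
    hits = []
    for pkg, cpe in package_cpes(pkg_query_output):
        for m in nvd_matches:
            if cpe_matches(cpe, m):
                hits.append((pkg, m["cve"]))
    return hits


if __name__ == "__main__":
    for pkg, cve in audit(SAMPLE_PKG_QUERY, SAMPLE_NVD_MATCHES):
        print("%s is vulnerable: %s" % (pkg, cve))
```

Two points worth noting for anyone turning this into a real pkg-audit(8) feature: the version compared is the one inside the annotation, not the package version, so PORTREVISION/PORTEPOCH suffixes such as `_1` or `,1` never reach the NVD comparison; and NVD range endpoints are free-form strings, so the dotted-numeric ordering used here is an assumption that must be checked per product before trusting a "not affected" result.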