cvs commit: doc/en_US.ISO8859-1/books/handbook/ports chapter.sgml

Xin LI delphij at frontfree.net
Sat Apr 3 09:01:00 PST 2004


On Sat, Apr 03, 2004 at 06:30:04PM +0200, Simon L. Nielsen wrote:
> 
> On 2004.04.03 08:21:33 -0800, Marc Fonvieille wrote:
> > blackend    2004/04/03 08:21:33 PST
> > 
> >   FreeBSD doc repository
> > 
> >   Modified files:
> >     en_US.ISO8859-1/books/handbook/ports chapter.sgml 
> >   Log:
> >   Add some warnings: people should check http://vuxml.freebsd.org/ before
> >   installing any application.
> 
> Isn't that a bit overkill?  Ports that have security issues are marked
> FORBIDDEN so users can't install them.  If people want extra securirty
> they can use portaudit which checks the vuxml databases automatically.
> 
> I also think it would be very hard to check vuxml manually in many
> cases, since ports can have a lot of dependencies, which might also
> contain security problems.

I think we'd better introduce portaudit to users, so I'd proposal
the patch attached.

Cheers,
-- 
Xin LI <delphij frontfree net>	http://www.delphij.net/
See complete headers for GPG key and other information.

-------------- next part --------------
Index: en_US.ISO8859-1/books/handbook/ports/chapter.sgml
===================================================================
RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/ports/chapter.sgml,v
retrieving revision 1.216
diff -u -r1.216 chapter.sgml
--- en_US.ISO8859-1/books/handbook/ports/chapter.sgml	3 Apr 2004 16:21:33 -0000	1.216
+++ en_US.ISO8859-1/books/handbook/ports/chapter.sgml	3 Apr 2004 16:59:48 -0000
@@ -218,6 +218,11 @@
       <para>Before installing any application, you should check <ulink
 	url="http://vuxml.freebsd.org/"></ulink> for security issues
 	related to your application.</para>
+      <para>You can also install <filename role="package">security/portaudit</filename>
+	which will automatically check all installed packages/ports, and
+	before you are building a port. Meanwhile, you can have a
+	<command>portaudit -F -a</command> after you have installed some
+	packages.</command></para>
     </warning>
 
     <para>The remainder of this chapter will explain how to use
@@ -754,6 +759,14 @@
 	  an up-to-date ports collection and you should check <ulink
 	  url="http://vuxml.freebsd.org/"></ulink> for security issues
 	  related to your port.</para>
+	<para>This can be automatically done by <command>portaudit</command>
+	  which could be founded in <filename
+	  role="package">security/portaudit</filename>. Consider running
+	  <command>portaudit -F</command> before you are installing a
+	  new port, and the ports system will check the port for
+	  security issues for you automatically. As a bonus, a security
+	  audit will be sent with your periodic mail everyday to report
+	  whether new problems are found.</para>
       </warning>
 
       <sect3 id="ports-cd">
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-doc/attachments/20040404/4db88879/attachment.bin


More information about the cvs-doc mailing list