pkg audit false negatives

Roger Marquis marquis at roble.com
Mon Aug 14 15:55:32 UTC 2017


>> That leaves just unpackaged base as FreeBSD's remaining audit weakness.
>
> Hi, I am happy that I can reduce your worry factor a bit ;-)
>
> Can you share what the audit weakness is? freebsd-update cron checks
> whether or not an update is available and then emails you. If you run
> -RELEASE, then that means that either an EN or SA had been released..

Can you run freebsd-update on a -RELEASE system installed and maintained
with buildworld/buildkernel/installkernel/installworld?

Though it's been more than a year since the last time I tested
freebsd-update, on Virtualbox VMs, it resulted in too many bricked
systems to rely on.  That may have changed but it would still be better
to build a packaged base or have reproducible builds as lighter-weight
solutions to the base audit issue.

Roger