New pkg audit FNs

Jan Beich jbeich at FreeBSD.org
Mon Oct 9 21:55:26 UTC 2017


Steve Wills <swills at FreeBSD.org> writes:

> Hi,
>
> On 10/09/2017 16:34, Jan Beich wrote:
>> Matthew Seaman <matthew at FreeBSD.org> writes:
>>
>>> On 09/10/2017 16:57, Roger Marquis wrote:
>>>
>>>> Can anyone say what mechanisms the ports-security team might have in
>>>> place to monitor CVEs and port software versions? 
>
> I've been hacking at a prototype for scanning what I can find:
>
> https://github.com/swills/nvd_to_new_vuxml

Wouldn't that encourage copypasta, exacerbating the filesize issue? Why not
teach pkg-audit(8) to query NVD based on CPE annotations in *binary* packages?
Doing so would also provide a workaround for VuXML entries cancelled
to reduce bloat.
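As an added illustration (not code from this thread, from pkg(8), or from any FreeBSD project), here is a Python sketch of the matching step an NVD-backed pkg-audit would need: parse the CPE 2.3 string a package carries in its annotation and check it against NVD-style cpe_match entries, including the version-range keys. Everything in it is an assumption for the sake of the example: the feed entries, the CVE ids and the vendor/product names are constructed placeholders, and the matching only reads vendor, product, part and version, ignoring the remaining CPE fields. The field names cpe23Uri, vulnerable, versionStartIncluding and versionEndExcluding follow the NVD JSON feed layout. Fetching the feed is left out so the block runs offline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Cpe:
    """The four fields of a CPE 2.3 formatted string used for matching here."""
    part: str
    vendor: str
    product: str
    version: str


def parse_cpe23(text: str) -> Cpe:
    """Parse a CPE 2.3 formatted string (the form pkg annotations use).

    Colons inside a field are escaped as '\\:', so split only on unescaped
    colons. Only the first six fields are needed for matching, so trailing
    fields (target_sw, target_hw, other) may be empty or absent."""
    fields = re.split(r"(?<!\\):", text)
    if len(fields) < 6 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {text!r}")
    return Cpe(part=fields[2], vendor=fields[3], product=fields[4], version=fields[5])


def version_key(version: str):
    """Turn '1.4.1p2' into a tuple that sorts numerically per component.

    Numeric components are tagged 0 and alphabetic ones 1, so int and str
    never get compared directly and 1.10 sorts after 1.9."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def _in_range(version: str, match: Dict) -> bool:
    """Apply the four optional NVD range keys to an installed version."""
    v = version_key(version)
    lo_inc = match.get("versionStartIncluding")
    lo_exc = match.get("versionStartExcluding")
    hi_inc = match.get("versionEndIncluding")
    hi_exc = match.get("versionEndExcluding")
    if lo_inc is not None and v < version_key(lo_inc):
        return False
    if lo_exc is not None and v <= version_key(lo_exc):
        return False
    if hi_inc is not None and v > version_key(hi_inc):
        return False
    if hi_exc is not None and v >= version_key(hi_exc):
        return False
    return True


def cpe_matches(pkg: Cpe, match: Dict) -> bool:
    """Does one NVD-shaped cpe_match object apply to the installed package?"""
    if not match.get("vulnerable", False):
        return False
    ref = parse_cpe23(match["cpe23Uri"])
    for want, have in ((ref.part, pkg.part), (ref.vendor, pkg.vendor),
                       (ref.product, pkg.product)):
        if want != "*" and want != have:
            return False
    if ref.version not in ("*", "-"):
        # An explicit version in the reference CPE means an exact match.
        return version_key(ref.version) == version_key(pkg.version)
    # A wildcard version defers to the range keys; no keys means all versions.
    return _in_range(pkg.version, match)


def audit(pkg_cpe: str, feed: List[Dict]) -> List[str]:
    """Return the CVE ids from an NVD-shaped feed that apply to pkg_cpe."""
    pkg = parse_cpe23(pkg_cpe)
    return [item["cve_id"] for item in feed
            if any(cpe_matches(pkg, m) for m in item["cpe_match"])]


# Constructed sample feed shaped like NVD cpe_match objects. The CVE ids and
# vendor/product names are placeholders, not real entries.
SAMPLE_FEED = [
    {
        "cve_id": "CVE-0000-0001",
        "cpe_match": [{
            "vulnerable": True,
            "cpe23Uri": "cpe:2.3:a:examplevendor:widget:*:*:*:*:*:*:*:*",
            "versionStartIncluding": "1.0",
            "versionEndExcluding": "1.4.2",
        }],
    },
    {
        "cve_id": "CVE-0000-0002",
        "cpe_match": [{
            "vulnerable": True,
            "cpe23Uri": "cpe:2.3:a:examplevendor:gadget:2.0:*:*:*:*:*:*:*",
        }],
    },
]

if __name__ == "__main__":
    # Constructed annotation strings standing in for three installed packages.
    for annotation in (
        "cpe:2.3:a:examplevendor:widget:1.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:examplevendor:widget:1.4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:examplevendor:gadget:2.0:*:*:*:*:*:*:*",
    ):
        print(annotation, "->", audit(annotation, SAMPLE_FEED) or "clean")
```

The point of the sketch is that once the annotation is in the binary package, the vulnerable/not-vulnerable decision is a local comparison against whatever feed is on hand, so it does not depend on a VuXML entry existing for the port. The version comparison is deliberately simple; real package versions with epochs or port revisions would need the comparison rules of the package manager itself.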


More information about the freebsd-ports mailing list