checking for vulnerabilities?
With in my root crontab (sudo crontab -e) I run: port selfupdate port sync && port outdated which is handy to identify when I need to upgrade. but what about when a vulnerability is known for which a port upgrade is not yet available? Is there any way to query installed ports for known vulnerabilities? // George -- George Georgalis, information system scientist <IXOYE><
On Dec 3, 2007, at 16:54, George Georgalis wrote:
With in my root crontab (sudo crontab -e) I run: port selfupdate port sync && port outdated
FYI, "selfupdate" includes "sync" so if you just did "selfupdate" you don't need to "sync" also; it's already been done for you.
which is handy to identify when I need to upgrade. but what about when a vulnerability is known for which a port upgrade is not yet available? Is there any way to query installed ports for known vulnerabilities?
There is absolutely nothing in place to separately deal with vulnerabilities. They would be handled like any other problem with a port. Someone would file a ticket in Trac and assign it to the maintainer and the maintainer would deal with it. If the port has no maintainer, someone would have to notice the ticket and deal with it. If you're interested in seeing if there are any open issues with ports you use, search for the port name in Trac.
participants (2)
-
George Georgalis
-
Ryan Schmidt