[MacPorts] #43291: more integrated security notification: security page, port selfupdate notice, ...
MacPorts
noreply at macports.org
Tue Apr 8 18:11:03 PDT 2014
#43291: more integrated security notification: security page, port selfupdate
notice, ...
-------------------------+--------------------------------
Reporter: jul_bsd@… | Owner: macports-tickets@…
Type: enhancement | Status: new
Priority: Normal | Milestone:
Component: base | Version:
Keywords: | Port:
-------------------------+--------------------------------
Currently, macports does not make any difference about update, be it
general/functions, security, reliability or else.
It would be nice if for more aggravated categories, there were better
notification to user to encourage applying update ASAP. While any
competent administrator should be aware of security-announce@ list for his
software, that's probably only a part of macports' users.
My wishlist
- port selfupdate and sync would notify user that there are some
security/reliability update pending, eventually listing them
- have a /security/ webpage which lists updates in this category, possibly
w a RSS feed
As a comparison point
- OpenBSD ports had a webpage but was removed in favor of mailing-list
http://www.openbsd.org/pkg-stable41.html
http://www.openbsd.org/cgi-bin/cvsweb/www/pkg-stable41.html
- FreeBSD and NetBSD seems to rely on a port audit command
http://www.freebsd.org/doc/handbook/security-portaudit.html
http://vuxml.freebsd.org/
http://www.netbsd.org/support/security/
http://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities
- DragonFly as an audit command
http://www.dragonflybsd.org/docs/howtos/HowToDPorts/
- Fink has a security policy but no package listing or notification it
seems
http://fink.thetis.ig42.org/doc/security/sec-policy.en.html
- find nothing for homebrew
--
Ticket URL: <https://trac.macports.org/ticket/43291>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list