Jacob Helwig <ja...@technosorcery.net> writes:

> In going through the FreeBSD Handbook (as of Sun Dec 7 02:44:11 UTC
> 2014), section 5.2 (Overview of Software Installation) mentions using
> ports-mgmt/portaudit to check for security issues.  Unfortunately,
> portaudit was removed from ports on October 13th[0].
> The commit that removed it says that “pkg audit” should be used
> instead (“portaudit expired when pkg_tools did, use pkg audit”), but
> as someone pretty new to FreeBSD, it’s not clear that this would be
> appropriate for ports usage.  Is “pkg audit” appropriate?  The
> language in the warning section of this Handbook section suggests that
> “pkg audit” isn’t appropriate outside of package use.  If “pkg audit”
> isn’t appropriate, what should be used instead?

"pkg audit" is appropriate in all cases (for versions of FreeBSD still
supported), and the warning should be changed to so indicate. [I can't
produce a patch for a PR at the moment, but the changes needed are
minor (but not QUITE trivial).]

Your confusion comes from the fact that once installed, there is no
difference between ports and packages, and pkg(8) is the tool for
handling them. This is true regardless of whether you used pkg to
install them in the first place.

freebsd-doc@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"
