Steve Wills <swi...@freebsd.org> writes:

> Hi,
>
> On 10/09/2017 16:34, Jan Beich wrote:
>> Matthew Seaman <matt...@freebsd.org> writes:
>>
>>> On 09/10/2017 16:57, Roger Marquis wrote:
>>>
>>>> Can anyone say what mechanisms the ports-security team might have in
>>>> place to monitor CVEs and port software versions?
>
> I've been hacking at a prototype for scanning what I can find:
>
> https://github.com/swills/nvd_to_new_vuxml

Wouldn't that encourage copypasta, exacerbating filesize issue? Why not teach pkg-audit(8) to query NVD based on CPE annotations in *binary* packages? Doing so would also provide a workaround for VuXML entries cancelled to reduce bloat.