On Wed, Sep 7, 2016, at 18:23, Ben Woods wrote: > > Just a thought, once we move to PkgBase, will this simply work work "pkg > audit"? >
Yes, that's the plan as I know it. > Are the new vuxml entries in the correct format to detect for individual > base packages? > E.g. FreeBSD-libxo, FreeBSD-libxo-debug, FreeBSD-libxo-development > The current format is irrelevant as the vulnerabilities will not apply to a FreeBSD release that has pkg base. This is just a stopgap that has been hacked up. I also do not know what the base package names will be yet as I haven't played around with it, but we will be ensuring that vuxml entries are correctly added once pkg base is finalized. It will be possible to add entries that match for both older FreeBSD releases and new pkg base releases. > Are the new vuxml entries in a format that would support PkgBase for > releases as well as for stable/current? > E.g. FreeBSD-libxo-12.0_2, FreeBSD-libxo-12.0.s20160903042939 > I don't know if it will be possible to match for stable/current users. Depends on the versioning scheme. -- Mark Felder ports-secteam member f...@freebsd.org _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
