On Thu, Nov 10, 2022 at 10:55:03PM +0200, Mart Raudsepp wrote: > Ühel kenal päeval, N, 10.11.2022 kell 22:07, kirjutas Jaco Kroon: > > > Like glsa-check? > > We currently use that, but it really just says which GLSAs are > > applicable to the system, it doesn't tell me net-misc/asterisk- > > 16.0.1:16 > > - we've got ways of working from the glsa-check output to that. Of > > particular annoyance if a GLSA lists multiple packages, of which you > > have one installed, and one not. Given net-misc/asterisk-16.0.1:16 I > > can > > quite quickly determine that emerge -1av net-misc/asterisk:16 will > > resolve the problem with the lowest possible risk of breakage to > > other > > components on the system, and without having to perform a full > > update. > > emerge -vpO @security > > but to get something like it to only showing which installed asterisk > SLOT is vulnerable would be some extra coding with portage API I think.
Yeah, to implement this, working on glsa-check is already necessary. I'm willing to look into ensuring the @security set works properly as well.
signature.asc
Description: PGP signature
