[MacPorts] #15059: ENH: Add vulnerability (update) notification / detection

MacPorts trac at macosforge.org
Fri Apr 18 16:18:58 PDT 2008

#15059: ENH: Add vulnerability (update) notification / detection
 Reporter:  ecronin at macports.org            |       Owner:  ecronin at macports.org      
     Type:  enhancement                     |      Status:  new                       
 Priority:  Normal                          |   Milestone:  MacPorts base enhancements
Component:  base                            |     Version:  1.6.0                     
 Keywords:  security vulnerabilities vuxml  |  
 Right now MacPorts lacks a good way of indicating that an installed port
 has a known vulnerability or that an update to an installed port fixes
 this vulnerability.

 FreeBSD has developed the VuXML database http://www.vuxml.org/ and
 {{{portaudit}}} tool which may be a starting point for building a tool
 external to macports core (I have not looked at the practicality of
 porting {{{portaudit}}} to use the MacPorts registry).

 A simpler, manual, internal fix would to be to add a monotonic counter
 similar to Revision which is incremented each time a critical update is
 made upstream and some changes to {{{port outdated}}} or perhaps a new
 {{{port vulnerable}}} that lists these.

Ticket URL: <http://trac.macosforge.org/projects/macports/ticket/15059>
MacPorts </projects/macports>
Ports system for Mac OS

More information about the macports-tickets mailing list