[MacPorts] #15059: ENH: Add vulnerability (update) notification /
detection
MacPorts
trac at macosforge.org
Fri Apr 18 16:18:58 PDT 2008
#15059: ENH: Add vulnerability (update) notification / detection
--------------------------------------------+-------------------------------
Reporter: ecronin at macports.org | Owner: ecronin at macports.org
Type: enhancement | Status: new
Priority: Normal | Milestone: MacPorts base enhancements
Component: base | Version: 1.6.0
Keywords: security vulnerabilities vuxml |
--------------------------------------------+-------------------------------
Right now MacPorts lacks a good way of indicating that an installed port
has a known vulnerability or that an update to an installed port fixes
this vulnerability.
FreeBSD has developed the VuXML database http://www.vuxml.org/ and
{{{portaudit}}} tool which may be a starting point for building a tool
external to macports core (I have not looked at the practicality of
porting {{{portaudit}}} to use the MacPorts registry).
A simpler, manual, internal fix would to be to add a monotonic counter
similar to Revision which is incremented each time a critical update is
made upstream and some changes to {{{port outdated}}} or perhaps a new
{{{port vulnerable}}} that lists these.
--
Ticket URL: <http://trac.macosforge.org/projects/macports/ticket/15059>
MacPorts </projects/macports>
Ports system for Mac OS
More information about the macports-tickets
mailing list