[MacPorts] #43291: more integrated security notification: security page, port selfupdate notice, ...
MacPorts
noreply at macports.org
Thu Apr 10 12:43:49 PDT 2014
#43291: more integrated security notification: security page, port selfupdate
notice, ...
--------------------------+--------------------------------
 Reporter:  jul_bsd@…     |      Owner:  macports-tickets@…
     Type:  enhancement   |     Status:  new
 Priority:  Normal        |  Milestone:
Component:  base          |    Version:
Resolution:               |   Keywords:
     Port:                |
--------------------------+--------------------------------
Comment (by jul_bsd@…):
3 ways:

 * have a subset livecheck.security for tools where there is a security
   webpage, probably with hash or hash+regexp
   http://www.openssh.com/security.html
   https://httpd.apache.org/security_report.html
   http://www.isc.org/downloads/software-support-policy/security-advisory/
   https://www.openssl.org/news/
   https://drupal.org/security
   https://www.ruby-lang.org/en/security/
   http://www.postgresql.org/support/security/
   https://www.python.org/news/security/
 * a port audit command which could check livecheck.security and general
   security pages like
   http://cve.mitre.org/
   http://www.cvedetails.com/
   http://www.securityfocus.com/vulnerabilities
   http://vuxml.freebsd.org/freebsd/index.html
   http://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities
 * a web page, not so much to reference every security update (could if
   automated way but it already exists on other systems) but at least to
   give a way to check the security of your installed ports and give very
   important security announcements/RSS as a complement to mailing-list,
   security contact

Of course, if the author of a tool says nothing about a security fix and
nothing is known publicly elsewhere, there is no way to tell.

Ideally, the test infrastructure would make a livecheck once/day-week-whatever
you like and notify the maintainer or a defined list that an update is
pending. If it matches livecheck.security, it could be stressed out.
--
Ticket URL: <https://trac.macports.org/ticket/43291#comment:2>
MacPorts <http://www.macports.org/>
Ports system for OS X
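
The "hash or hash+regexp" check proposed in the comment above, sketched as an added example (not part of the ticket and not MacPorts code). livecheck.security is only the key proposed in the ticket; the page text, the EX-SA identifier pattern and all function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample security page for a hypothetical tool.
PAGE_V1 = """<html><body><h1>Example tool security</h1>
<li>EX-SA-2014-001: fixed in 1.2.3</li>
<li>EX-SA-2014-002: fixed in 1.2.4</li>
<p>Last generated: 2014-04-01</p></body></html>"""
# Same advisories, only the footer date differs.
PAGE_V1_FOOTER = PAGE_V1.replace("2014-04-01", "2014-04-09")
# A new advisory has been published.
PAGE_V2 = PAGE_V1.replace(
    "<p>Last", "<li>EX-SA-2014-003: fixed in 1.2.5</li>\n<p>Last")
PATTERN = r"(EX-SA-\d{4}-\d{3})"  # assumed per-port regexp


def page_hash(html):
    """Hash of the whole page: changes on any edit, boilerplate included."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def advisory_ids(html, pattern):
    """Advisory identifiers matched by the regexp, de-duplicated, in page order."""
    seen = []
    for match in re.finditer(pattern, html):
        ident = match.group(1) if match.groups() else match.group(0)
        if ident not in seen:
            seen.append(ident)
    return seen


def regexp_hash(html, pattern):
    """Hash over the matched advisory identifiers only."""
    joined = "\n".join(advisory_ids(html, pattern))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def security_check(html, pattern, stored_hash, stored_ids=()):
    """Return (changed, new_ids) relative to the values stored for the port."""
    changed = regexp_hash(html, pattern) != stored_hash
    new_ids = [i for i in advisory_ids(html, pattern) if i not in stored_ids]
    return changed, new_ids


if __name__ == "__main__":
    stored = regexp_hash(PAGE_V1, PATTERN)
    known = advisory_ids(PAGE_V1, PATTERN)
    print(page_hash(PAGE_V1) != page_hash(PAGE_V1_FOOTER))
    print(security_check(PAGE_V1_FOOTER, PATTERN, stored, known))
    print(security_check(PAGE_V2, PATTERN, stored, known))
```

A whole-page hash flags the footer-only edit as a change, while the hash over the regexp matches stays stable until a new advisory identifier appears.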