Ticket #15059 (new enhancement)
ENH: Add vulnerability (update) notification / detection
| Reported by: | ecronin@… | Owned by: | ecronin@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | MacPorts Future |
| Component: | base | Version: | 1.6.0 |
| Keywords: | security vulnerabilities vuxml | Cc: | tonytung@… |
| Port: | | | |
Description
Right now MacPorts lacks a good way of indicating that an installed port has a known vulnerability or that an update to an installed port fixes this vulnerability.
FreeBSD has developed the VuXML database (http://www.vuxml.org/) and the portaudit tool, which may be a starting point for building a tool external to MacPorts core (I have not looked at the practicality of porting portaudit to use the MacPorts registry).
A simpler, manual, internal fix would be to add a monotonic counter similar to Revision, which is incremented each time a critical update is made upstream, and some changes to port outdated, or perhaps a new port vulnerable, that lists these.
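
A sketch of the counter comparison proposed in the description, added here as an illustration; it is not MacPorts code and not the reporter's. The `security_rev` field, the record layout, the status names and the port names are hypothetical, and the data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PortRecord:
    name: str
    version: str
    revision: int
    # Hypothetical monotonic counter, bumped on each critical upstream fix.
    # None = registry entry written before the counter existed (treated as 0).
    security_rev: Optional[int] = None

def classify(inst, tree):
    """Return (status, count of critical updates the installed port lacks)."""
    avail = tree.get(inst.name)
    if avail is None:
        return ("unknown", 0)  # port left the tree: cannot be assessed
    missed = (avail.security_rev or 0) - (inst.security_rev or 0)
    if missed > 0:
        return ("vulnerable", missed)  # no version-string parsing needed
    if (inst.version, inst.revision) != (avail.version, avail.revision):
        return ("outdated", 0)  # newer build exists, but no critical fix
    return ("current", 0)

def port_vulnerable(installed, tree):
    """Entries a hypothetical `port vulnerable` would list."""
    results = ((rec.name, classify(rec, tree)) for rec in installed)
    return [(name, missed) for name, (status, missed) in results
            if status == "vulnerable"]

# Constructed sample data: installed registry entries and the current tree.
INSTALLED = [
    PortRecord("libfoo", "1.0", 0, 1),
    PortRecord("libbar", "2.0", 0, 2),
    PortRecord("libbaz", "1.2.3", 1, None),  # installed before the counter
    PortRecord("qux", "0.1", 0, 0),          # no longer in the tree
    PortRecord("quux", "7.0", 0, 0),
]
TREE = {rec.name: rec for rec in [
    PortRecord("libfoo", "1.2", 0, 3),
    PortRecord("libbar", "2.1", 0, 2),
    PortRecord("libbaz", "1.2.3", 2, 1),
    PortRecord("quux", "7.0", 0, 0),
]}

if __name__ == "__main__":
    for name, missed in port_vulnerable(INSTALLED, TREE):
        print(f"{name}: missing {missed} critical update(s)")
```

Treating a missing counter as 0 means ports installed before the counter existed are flagged as soon as the tree records any critical fix for them.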