Opened 18 years ago
Last modified 12 years ago
#15059 new enhancement
ENH: Add vulnerability (update) notification / detection
| Reported by: | ecronin (Eric Cronin) | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | MacPorts Future |
| Component: | base | Version: | 1.6.0 |
| Keywords: | security vulnerabilities vuxml | Cc: | tonytung@…, larryv (Lawrence Velázquez) |
| Port: |
Description
Right now MacPorts lacks a good way of indicating that an installed port has a known vulnerability or that an update to an installed port fixes this vulnerability.
FreeBSD has developed the VuXML database http://www.vuxml.org/ and portaudit tool which may be a starting point for building a tool external to macports core (I have not looked at the practicality of porting portaudit to use the MacPorts registry).
A simpler, manual, internal fix would to be to add a monotonic counter similar to Revision which is incremented each time a critical update is made upstream and some changes to port outdated or perhaps a new port vulnerable that lists these.
Change History (3)
comment:1 Changed 16 years ago by tonytung@…
| Cc: | tonytung@… added |
|---|
comment:2 Changed 12 years ago by ecronin (Eric Cronin)
| Owner: | changed from ecronin@… to macports-tickets@… |
|---|
Still think this would be a good feature, but no time to work on it
Cc Me!