Opened 13 years ago

Last modified 6 years ago

#15059 new enhancement

ENH: Add vulnerability (update) notification / detection

Reported by: ecronin (Eric Cronin) Owned by: macports-tickets@…
Priority: Normal Milestone: MacPorts Future
Component: base Version: 1.6.0
Keywords: security vulnerabilities vuxml Cc: tonytung@…, larryv (Lawrence Velázquez)
Port:

Description

Right now MacPorts lacks a good way of indicating that an installed port has a known vulnerability or that an update to an installed port fixes this vulnerability.

FreeBSD has developed the VuXML database http://www.vuxml.org/ and portaudit tool which may be a starting point for building a tool external to macports core (I have not looked at the practicality of porting portaudit to use the MacPorts registry).

A simpler, manual, internal fix would be to add a monotonic counter similar to Revision which is incremented each time a critical update is made upstream and some changes to port outdated or perhaps a new port vulnerable that lists these.
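The portaudit-style check the description points to, sketched as an added example that is not part of the ticket or of MacPorts code: installed versions are matched against the `<affects>` ranges of VuXML entries. The sample entry, the `INSTALLED` inventory, the function names and the simplified version ordering are assumptions; a real tool would read the MacPorts registry, use MacPorts' own version comparison, and map FreeBSD package names to port names.

```python
import operator
import re
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}
OPS = {"lt": operator.lt, "le": operator.le, "gt": operator.gt,
       "ge": operator.ge, "eq": operator.eq}

# Constructed sample entry following the VuXML element layout; not a real advisory.
SAMPLE_VUXML = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>examplelib -- constructed sample issue</topic>
    <affects><package>
      <name>examplelib</name>
      <range><ge>1.2.0</ge><lt>1.2.5</lt></range>
    </package></affects>
  </vuln>
</vuxml>"""

# Constructed inventory standing in for what the MacPorts registry would report.
INSTALLED = {"examplelib": "1.2.3", "othertool": "4.0"}

def vkey(version):
    """Simplified ordering (assumption): digit runs compare as ints, letters as text."""
    return [(1, int(p), "") if p.isdigit() else (0, 0, p)
            for p in re.findall(r"\d+|[A-Za-z]+", version)]

def in_range(version, range_el):
    """True when the version satisfies every bound (<lt>, <ge>, ...) in one <range>."""
    return all(OPS[b.tag.split("}")[-1]](vkey(version), vkey(b.text.strip()))
               for b in range_el)

def audit(vuxml_text, installed):
    """Return (port, version, vid, topic) for each installed port in an affected range."""
    findings = []
    # Stdlib parser: only feed it XML from a source you trust and have verified.
    for vuln in ET.fromstring(vuxml_text).findall("v:vuln", NS):
        topic = vuln.findtext("v:topic", default="", namespaces=NS).strip()
        for pkg in vuln.findall("v:affects/v:package", NS):
            ranges = pkg.findall("v:range", NS)
            for name_el in pkg.findall("v:name", NS):
                name = name_el.text.strip()
                version = installed.get(name)
                if version and any(in_range(version, r) for r in ranges):
                    findings.append((name, version, vuln.get("vid"), topic))
    return findings

if __name__ == "__main__":
    for name, version, vid, topic in audit(SAMPLE_VUXML, INSTALLED):
        print(f"{name} @{version} is affected by {vid}: {topic}")
```

Version `1.2.10` is correctly treated as outside the `<lt>1.2.5</lt>` bound because components are compared numerically rather than as strings.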

Change History (3)

comment:1 Changed 10 years ago by tonytung@…

Cc: tonytung@… added

Cc Me!

comment:2 Changed 6 years ago by ecronin (Eric Cronin)

Owner: changed from ecronin@… to macports-tickets@…

Still think this would be a good feature, but no time to work on it

comment:3 Changed 6 years ago by larryv (Lawrence Velázquez)

Cc: larryv@… added

Cc Me!
