Opened 17 years ago
Last modified 10 years ago
#15059 new enhancement
ENH: Add vulnerability (update) notification / detection
Reported by: | ecronin (Eric Cronin) | Owned by: | macports-tickets@… |
---|---|---|---|
Priority: | Normal | Milestone: | MacPorts Future |
Component: | base | Version: | 1.6.0 |
Keywords: | security vulnerabilities vuxml | Cc: | tonytung@…, larryv (Lawrence Velázquez) |
Port: |
Description
Right now MacPorts lacks a good way of indicating that an installed port has a known vulnerability or that an update to an installed port fixes this vulnerability.
FreeBSD has developed the VuXML database http://www.vuxml.org/ and portaudit
tool which may be a starting point for building a tool external to macports core (I have not looked at the practicality of porting portaudit
to use the MacPorts registry).
A simpler, manual, internal fix would to be to add a monotonic counter similar to Revision which is incremented each time a critical update is made upstream and some changes to port outdated
or perhaps a new port vulnerable
that lists these.
Change History (3)
comment:1 Changed 14 years ago by tonytung@…
Cc: | tonytung@… added |
---|
comment:2 Changed 10 years ago by ecronin (Eric Cronin)
Owner: | changed from ecronin@… to macports-tickets@… |
---|
Still think this would be a good feature, but no time to work on it
Cc Me!