summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorwiz <wiz@pkgsrc.org>2010-03-18 10:56:18 +0000
committerwiz <wiz@pkgsrc.org>2010-03-18 10:56:18 +0000
commit17a6c20a261d5ede99cecfc18c1f62d13656044e (patch)
tree687e1cfabe0087f3fd0641c31ed705a5c1774e12 /doc
parente10b1cacc9ca3523754f039ae24415f813f00c79 (diff)
downloadpkgsrc-17a6c20a261d5ede99cecfc18c1f62d13656044e.tar.gz
Update documentation since vulnerable packages are not moved
to the vulnerable/ directory any longer.
Diffstat (limited to 'doc')
-rw-r--r--doc/guide/files/bulk.xml18
-rw-r--r--doc/guide/files/faq.xml4
-rw-r--r--doc/guide/files/using.xml15
3 files changed, 14 insertions, 23 deletions
diff --git a/doc/guide/files/bulk.xml b/doc/guide/files/bulk.xml
index e3382d20b5e..0be15cfe639 100644
--- a/doc/guide/files/bulk.xml
+++ b/doc/guide/files/bulk.xml
@@ -1,4 +1,4 @@
-<!-- $NetBSD: bulk.xml,v 1.7 2009/10/11 20:50:48 rillig Exp $ -->
+<!-- $NetBSD: bulk.xml,v 1.8 2010/03/18 10:56:18 wiz Exp $ -->
<chapter id="bulk">
<title>Creating binary packages for everything in pkgsrc (bulk
@@ -157,13 +157,12 @@ SKIP_LICENSE_CHECK= yes
<itemizedlist>
<listitem><para><varname>ALLOW_VULNERABLE_PACKAGES</varname>
- should be set to <literal>yes</literal>. The purpose of the bulk
- builds is creating binary packages, no matter if they are
- vulnerable or not. When uploading the packages to a public
- server, the vulnerable packages will be put into a directory of
- their own. Leaving this variable unset would prevent the bulk
- build system from even trying to build them, so possible
- building errors would not show up.</para></listitem>
+ should be set to <literal>yes</literal>. The purpose of the
+ bulk builds is creating binary packages, no matter if they
+ are vulnerable or not. Leaving this variable unset would
+ prevent the bulk build system from even trying to build
+ them, so possible building errors would not show
+ up.</para></listitem>
<listitem><para><varname>CHECK_FILES</varname>
(<filename>pkgsrc/mk/check/check-files.mk</filename>) can be set to
@@ -585,8 +584,7 @@ chroot-&rprompt; <userinput>exit</userinput>
<para>The upload process may take quite some time. Use &man.ls.1; or
&man.du.1; on the FTP server to monitor progress of the
upload. The upload script will take care of not uploading
- restricted packages and putting vulnerable packages into the
- <filename>vulnerable</filename> subdirectory.</para>
+ restricted packages.</para>
<para>After the upload has ended, first thing is to revoke ssh access:</para>
diff --git a/doc/guide/files/faq.xml b/doc/guide/files/faq.xml
index 05ca922fa70..a3fac3080a0 100644
--- a/doc/guide/files/faq.xml
+++ b/doc/guide/files/faq.xml
@@ -1,4 +1,4 @@
-<!-- $NetBSD: faq.xml,v 1.45 2009/04/20 17:07:13 ver Exp $ -->
+<!-- $NetBSD: faq.xml,v 1.46 2010/03/18 10:56:18 wiz Exp $ -->
<chapter id="faq"> <?dbhtml filename="faq.html"?>
<title>Frequently Asked Questions</title>
@@ -528,7 +528,7 @@ do this, refer to the following two tools (installed as part of the
<listitem>
<para><command>pkg_admin audit</command>, an easy way to audit the
- current machine, checking each vulnerability which is known. If a
+ current machine, checking each known vulnerability. If a
vulnerable package is installed, it will be shown by output to stdout,
including a description of the type of vulnerability, and a URL
containing more information.</para>
diff --git a/doc/guide/files/using.xml b/doc/guide/files/using.xml
index a783d1c6402..0f589ce28af 100644
--- a/doc/guide/files/using.xml
+++ b/doc/guide/files/using.xml
@@ -1,4 +1,4 @@
-<!-- $NetBSD: using.xml,v 1.37 2009/08/25 13:19:50 wiz Exp $ -->
+<!-- $NetBSD: using.xml,v 1.38 2010/03/18 10:56:18 wiz Exp $ -->
<chapter id="using"> <?dbhtml filename="using.html"?>
<title>Using pkgsrc</title>
@@ -60,9 +60,7 @@ and you can still use binary packages from someone else.</para>
subdirectory called <filename>All</filename>, which contains all the
binary packages that are available for the platform, excluding those
that may not be distributed via FTP or CDROM (depending on which
- medium you are using), and the ones that have vulnerabilities and
- therefore are considered insecure to install without thinking
- before.</para>
+ medium you are using).</para>
<para>To install packages directly from an FTP or HTTP server, run
the following commands in a Bourne-compatible shell (be sure to
@@ -93,13 +91,8 @@ and you can still use binary packages from someone else.</para>
package in question will be installed, too, assuming they are
present where you install from.</para>
- <para>As mentioned above, packages for which vulnerabilities get
- known are not stored in the <filename>All</filename> subdirectory.
- They don't get deleted since that could be very frustrating if many
- other packages depend on it. Instead, they are moved to the
- <filename>vulnerable</filename> subdirectory. So you may need to add
- this directory to the <varname>PKG_PATH</varname> variable.
- However, you should run <command>pkg_admin audit</command>
+ <para>Adding packages might install vulnerable packages.
+ Thus you should run <command>pkg_admin audit</command>
regularly, especially after installing new packages, and verify
that the vulnerabilities are acceptable for your configuration.</para>