authorerh <erh@pkgsrc.org>2005-11-16 20:59:22 +0000
committererh <erh@pkgsrc.org>2005-11-16 20:59:22 +0000
commite2097e6bcdaccda79beb2ee845f3afcc302b4565 (patch)
treee79d295786cae513adb8bb1aacbbf8c36a42690f /mk/defaults
parentace0d0453ee78a7c5e3b9eaa6c6784f6544f0a52 (diff)
downloadpkgsrc-e2097e6bcdaccda79beb2ee845f3afcc302b4565.tar.gz
Improve the handling of allowed vulnerabilities. Instead of the single
ALLOW_VULNERABLE_PACKAGES setting that applies to all packages, there can
now be per-package lists of allowed vulnerability ids:
    ALLOW_VULNERABILITIES.<pkgname>=<space separated list of vulnids>
To avoid duplication of code, audit-packages is now used to do these checks.
It can be skipped altogether by setting:
    SKIP_AUDIT_PACKAGES=yes
Diffstat (limited to 'mk/defaults')
-rw-r--r--mk/defaults/mk.conf18
1 files changed, 13 insertions, 5 deletions
diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf
index 1f02dfc9bf3..772abbed489 100644
--- a/mk/defaults/mk.conf
+++ b/mk/defaults/mk.conf
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.91 2005/11/15 12:54:36 tonio Exp $
+# $NetBSD: mk.conf,v 1.92 2005/11/16 20:59:23 erh Exp $
#
# This file provides default values for variables that may be overridden
@@ -14,12 +14,20 @@
# NOTE TO PEOPLE EDITING THIS FILE - USE LEADING SPACES, NOT LEADING TABS.
# ************************************************************************
-#ALLOW_VULNERABLE_PACKAGES=
-# allow the user to build packages which are known to be vulnerable to
-# security exploits
-# Possible: defined, not defined
+#ALLOW_VULNERABILITIES.<pkgname>=
+# List of vulnerability ids to ignore when performing audit-packages
+# check when building a package.
+# Possible: one or more vulnerabilities ids,
+# or the word "yes" to allow all. (not recommended)
# Default: not defined
+SKIP_AUDIT_PACKAGES=no
+# Completely skip running audit-packages to check for vulnerable packages.
+# Specifying individual vulnerabilities with
+# ALLOW_VULNERABILITIES.<pkgname>=<vulnid> is preferred to using this.
+# Possible: yes, no
+# Default: no
+
MANINSTALL?= maninstall catinstall
# Specify manpage installation types.
# Possible: maninstall, catinstall, both types or empty
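Review bot: The new default `SKIP_AUDIT_PACKAGES=no` is assigned with a plain `=`, whereas the neighbouring default `MANINSTALL?=` uses `?=` and the file header describes these values as defaults that may be overridden. If this file is read after the user's own mk.conf (the include order is not visible in this hunk), the unconditional assignment would reset a user's `SKIP_AUDIT_PACKAGES=yes` back to `no`, so the documented opt-out would only take effect from the make command line. That fails safe, because the audit still runs, but it contradicts the comment block below it; I would change the line to `SKIP_AUDIT_PACKAGES?=no`. The `ALLOW_VULNERABILITIES.<pkgname>` comment could also state that "yes" suppresses every advisory for that package, including ones published later, for example `# "yes" also hides advisories added after this was set; prefer listing ids.`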