Folks - I'm coming to the conclusion that for hosts on which I'm using the system
version of various tools[1] I have bad visibility for when these versions of
the package become insecure and require an update.

Given that we don't have system packages to list in some manner similar to
pkgsrc packages, what is the best method for comparing these against the
content of the vulnerabilities file?

I tend to use the released versions of the OS from the relevant .iso - as part
of the build process would it make sense to produce a file somewhere in /etc
which lists the various bundled package versions grouped by install set?

Alternatively, has anyone got a guide for how to disable/replace as many of the
system-supplied packages as possible with their pkgsrc equivalents and get around the
visibility problem that way? This may be preferable as then we can update
individual packages as required.

Regards,
Malcolm

[1] sshd, named/bind, postfix in the main
--
Malcolm Herbert
m...@mjch.net