Jonathan Perkin via smartos-discuss writes:

>It's a core part of the packaging tools, so any machine where pkgsrc
>packages are installed will include it.

Great, that's what I expected.

>> Also - is there any equivalent for unpackaged things in an image?
>> E.g., /bin/bash comes to mind.
>
>No, the platform is not packaged so this would be difficult. However
>the platform engineers do a fantastic job at quickly fixing any
>vulnerabilities in the platform, and there is a lot less software
>installed compared to what is available through pkgsrc, so usually
>upgrading to the latest SmartOS will suffice.

OK. Realizing that this may be something that Joyent charges money for, my application for this would be to know when I must upgrade to the latest SmartOS.

>> OK. One more question - if a fix is applied to a specific package
>> branch (e.g., the bash thing), does that rev the package version in
>> some way that it will no longer be flagged by pkg_admin audit?
>
>Yes, either by upgrading to a new upstream version or by patching the
>existing one and bumping the 'nb' package revision. The
>vulnerabilities file lists exact versions which are vulnerable, so
>either method will prevent the fixed package from showing up.

Great. Then, for example, any older images could be upgraded with pkgin upgrade, and then pkg_admin audit should show no problems - at least for anything that is deemed to be significant enough to backport.

Joe
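The version matching discussed in this thread, as an added example that is not part of the original messages and is not pkgsrc's own code: a simplified model of how a vulnerability pattern stops matching once a package gets a new upstream version or a bumped 'nb' revision. The package names, advisory entries and URLs are constructed, and only dotted numeric versions with an optional `nb` suffix are handled.

```python
import re

# Simplified model of pkgsrc version ordering: dotted numeric components plus
# an optional "nb" package revision. Real pkgsrc also orders alpha/beta/rc/pl.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:nb(\d+))?$")
_PATTERN = re.compile(r"^([^<>]+)((?:[<>]=?[^<>]+)+)$")
_OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0,
        ">": lambda c: c > 0, ">=": lambda c: c >= 0}

def _key(version, width):
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (width - len(nums))        # 1.5 compares as 1.5.0
    return nums + [int(m.group(2) or 0)]     # the nb revision is compared last

def compare(a, b):
    """Return -1, 0 or 1 for version a relative to version b."""
    width = max(a.count("."), b.count(".")) + 1
    ka, kb = _key(a, width), _key(b, width)
    return (ka > kb) - (ka < kb)

def is_vulnerable(pkg, pattern):
    """True if installed 'name-version' satisfies every bound in the pattern."""
    name, _, version = pkg.rpartition("-")
    m = _PATTERN.match(pattern)
    if not m or m.group(1) != name:
        return False
    bounds = re.findall(r"([<>]=?)([^<>=]+)", m.group(2))
    return all(_OPS[op](compare(version, bound)) for op, bound in bounds)

def audit(installed, vuln_text):
    """Return (package, vulnerability type) for each installed package that matches."""
    findings = []
    for line in vuln_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue                          # skip comments and short lines
        pattern, kind = fields[0], fields[1]
        findings += [(p, kind) for p in installed if is_vulnerable(p, pattern)]
    return findings

# Constructed sample entries (pattern, type, URL); not real advisories.
SAMPLE_VULNS = """\
# constructed sample
examplepkg<1.4.2nb3  remote-code-execution  https://example.invalid/adv-1
otherlib>=2.0<2.1    denial-of-service      https://example.invalid/adv-2
"""

if __name__ == "__main__":
    for pkgs in (["examplepkg-1.4.2nb2", "otherlib-2.0.5"],   # before upgrade
                 ["examplepkg-1.4.2nb3", "otherlib-2.1"]):    # after upgrade
        print(pkgs, "->", audit(pkgs, SAMPLE_VULNS))
```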
