On Mon, 03 May 2004 19:59:31 +0200 Artur Pydo <artur@pydo.org> wrote: [cut] | I know that there is a workaround | modifying 'auditfile' by hand as it is a ascii file. | | I suggest that in future one avoid setting vulnerable versions as > 0 | because the update fails as long as the reference file has not been | updated with the correct vulnerable port later. | | In this case it would be much more efficient to set 'png<1.2.5_3' | from the beginning. imvho the drawbacks of this solution outweight its usefulness. If a commit does not solve the problem but makes the port to look not vulnerable, and I'm a very sloppy or very overworked sysadmin, I might not notice. Would you prefer me sweating around the upgrade of something I know is patched, but portaudit prevents me from portupgrading, or my cracked zombie machine pounding at your network while I'm slacking off? :) Just my 2 cents Frankye _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"