| 1 |
On Wed, 8 Apr 2020 17:39:54 +0000 |
| 2 |
Peter Stuge <peter@×××××.se> wrote: |
| 3 |
|
| 4 |
> E.g. for auditing the installed values of these could be worth a lot. |
| 5 |
|
| 6 |
Only as far as analyising "why was this package installed, currently |
| 7 |
the metadata says its un-audited!". |
| 8 |
|
| 9 |
But for things like "affected by CVE/Bug", the very nature of those is |
| 10 |
they're often post-install metadata, so one should not be required to |
| 11 |
change an ebuild and reinstall the ebuild if that metadata has to |
| 12 |
change. |
| 13 |
|
| 14 |
And say, if a currently installed package had its "audit check marker" |
| 15 |
removed from the metadata, portage should react to that immediately and |
| 16 |
treat the installed package as bad. |
| 17 |
|
| 18 |
The "what was the metadata when this package was installed" would only |
| 19 |
help portage clarify the output message. |
Archives