1 |
On Wed, 8 Apr 2020 17:39:54 +0000 |
2 |
Peter Stuge <peter@×××××.se> wrote: |
3 |
|
4 |
> E.g. for auditing the installed values of these could be worth a lot. |
5 |
|
6 |
Only as far as analyising "why was this package installed, currently |
7 |
the metadata says its un-audited!". |
8 |
|
9 |
But for things like "affected by CVE/Bug", the very nature of those is |
10 |
they're often post-install metadata, so one should not be required to |
11 |
change an ebuild and reinstall the ebuild if that metadata has to |
12 |
change. |
13 |
|
14 |
And say, if a currently installed package had its "audit check marker" |
15 |
removed from the metadata, portage should react to that immediately and |
16 |
treat the installed package as bad. |
17 |
|
18 |
The "what was the metadata when this package was installed" would only |
19 |
help portage clarify the output message. |