Peter C. Lai wrote: > Any reason why portaudit and its associated infrastructure was not announced to > this list or security-notifications? Sorry, I wasn't subscribed to security@ until recently, so I didn't though of announcing portaudit on this list. > I recently discovered it, and discovered > the feature was added to bsd.port.mk in the beginning of feburary. Seeing as > the security officer apparently (without announcement) no longer issues > security notices (SNs) for ports, I am assuming that portaudit has replaced > SNs entirely, and that we should rely on that for ports operational security? > [...] I'm sorry there has been so much confusion about portaudit. portaudit is fully functional, so it should be pretty realiable if used on your systems, but here are still some issues I want to straighten out before having an 1.0 release and doing an official announcement: - documented proxy handling - more tunable parameters - a start script for workstations which do not run periodic(8) scripts - maybe add some auditing code to pkg_add I hope to finish these Real Soon Now(tm), and will post an announcement then. Thanks for you heads-up Oliver _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"