On 11/03/12 02:12, Kevin Chadwick wrote: > On Mon, 05 Mar 2012 10:42:15 +0100 > Florian Pritz wrote: > >> You should read pacman.conf(5) "PACKAGE AND DATABASE SIGNATURE CHECKING" >> and use "Optional PackageRequired" > > Quick question and I'm guessing the answer will be just to wait and > that's fine. > > There are just a few packages preventing me from using Required in > pacman.conf. > > Like scribes and xcb-proto (the testing version is signed so I guess > that will migrate). > > Just wondering if there is any pacman.conf magic that will tie a > signature checking setting to a particaulr package name? > > > > p.s. > > I don't know what people use apart from just updating regularly but I've > just written a script to look up packages installed with exploits > (cves) and also curently in the three main repos for arch. I haven't the > time at the mo to make it less crude and generic/ready/fancy for the > general public, but if anyone's interested let me know. > > > This is what I found recently. > > bugzilla-4.2 > flyspray-0.9.9.6 > phpldapadmin-1.2.2 > wordpress-3.3.1 > emacs-23.4 > flashplugin-11.1.102.62 > glib-1.2.10 > mysql-5.5.21 > ocaml-3.12.1 > tomcat-5.5.34 > vlc-2.0.0 Report issues to the bugtracker. Most packagers do not read this list. But make sure they are not already patched. Allan
