On 03/10/2012 08:12 AM, Kevin Chadwick wrote:
On Mon, 05 Mar 2012 10:42:15 +0100
Florian Pritz wrote:
You should read pacman.conf(5) "PACKAGE AND DATABASE SIGNATURE CHECKING"
and use "Optional PackageRequired"
Quick question and I'm guessing the answer will be just to wait and
that's fine.
There are just a few packages preventing me from using Required in
pacman.conf.
Like scribes and xcb-proto (the testing version is signed so I guess
that will migrate).
Just wondering if there is any pacman.conf magic that will tie a
signature checking setting to a particaulr package name?
p.s.
I don't know what people use apart from just updating regularly but I've
just written a script to look up packages installed with exploits
(cves) and also curently in the three main repos for arch. I haven't the
time at the mo to make it less crude and generic/ready/fancy for the
general public, but if anyone's interested let me know.
I would be interested in seeing the script you wrote for this please.
Thanks :)
This is what I found recently.
bugzilla-4.2
flyspray-0.9.9.6
phpldapadmin-1.2.2
wordpress-3.3.1
emacs-23.4
flashplugin-11.1.102.62
glib-1.2.10
mysql-5.5.21
ocaml-3.12.1
tomcat-5.5.34
vlc-2.0.0
