Bug 247953

Summary: ports-mgmt/pkg gives annoying messages
Product: Ports & Packages Reporter: frank
Component: Individual Port(s)Assignee: freebsd-pkg (Nobody) <pkg>
Status: Closed FIXED    
Severity: Affects Many People Flags: bugzilla: maintainer-feedback? (pkg)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch to fix the problem none

Description frank 2020-07-13 15:34:15 UTC
Created attachment 216421 [details]
Patch to fix the problem

Periodic pkg audit is a good thing. Unfortunately, it is a bit annoying with some of its warnings. For example, I receive this on a daily basis for months now:

  Database fetched: Sat Jul 11 03:38:29 CEST 2020
  bind911-9.11.20: Tag: expiration_date Value: 2021-12-31
  bind911-9.11.20: Tag: deprecated Value: End of life, please migrate to a newer version of BIND9

Which is rather annoying since the expiration date is still 18 months away!!!

Similar, some ports are completely o.k. for running, only during the build process they are using deprecated tools (notably python 2.7), this gives messages such as:

  firefox-78.0_2,1: Tag: deprecated Value: Uses Python 2.7 which is EOLed upstream
  spidermonkey60-60.9.0_3: Tag: deprecated Value: Uses Python 2.7 which is EOLed upstream
  thunderbird-68.9.0_1: Tag: deprecated Value: Uses Python 2.7 which is EOLed upstream

Note that these packages do not use Python to run, only to build.

The attached patch allows to filter this using the nobs:

security_status_pkgaudit_expiration="NO"
security_status_pkgaudit_deprecation="NO"

that can be put in periodic.conf

I would really appreciated if this patch can make it in the system.

p.s.: a better solution might be to add a time window, e.g. warn me only if a expatriation date of a pkg is less than 3 months away. However, I do not know how to do that in sh/bash.
Comment 1 Baptiste Daroussin freebsd_committer 2021-08-18 09:59:27 UTC
https://github.com/freebsd/pkg/commit/c178d437f9f7abd361f0ac657de4c0e73dbb0154

It will be in the next version of pkg, thank you for providing the patch