diff options
author | Marc Espie <espie@cvs.openbsd.org> | 2015-02-23 20:52:50 +0000 |
---|---|---|
committer | Marc Espie <espie@cvs.openbsd.org> | 2015-02-23 20:52:50 +0000 |
commit | 51d384aade7d954fb5aefd27bd8c676dbc5adec5 (patch) | |
tree | 60f02c9a573b3adacb2c301a923d441ae94a8009 | |
parent | 5061436e4dfe0c45f0aeb29d599107d82d1d7832 (diff) |
document the quirks cve mechanism. Better late than never
-rw-r--r-- | share/man/man7/packages.7 | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/share/man/man7/packages.7 b/share/man/man7/packages.7 index 824c72a7daa..56f32dcd5f2 100644 --- a/share/man/man7/packages.7 +++ b/share/man/man7/packages.7 @@ -1,4 +1,4 @@ -.\" $OpenBSD: packages.7,v 1.36 2014/11/11 00:32:55 brad Exp $ +.\" $OpenBSD: packages.7,v 1.37 2015/02/23 20:52:49 espie Exp $ .\" .\" Copyright (c) 2000 Marc Espie .\" @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 11 2014 $ +.Dd $Mdocdate: February 23 2015 $ .Dt PACKAGES 7 .Os .Sh NAME @@ -73,6 +73,18 @@ packages are now signed using .Xr pkg_sign 1 : understand that this is only a basic guarantee that the binary package can't be tampered with while in transit. +.Pp +Starting with +.Ox 5.6 , +the special package +.Ar quirks +is always updated, and its signature date displayed. +Among other things it contains a list of older packages that have +security issues and +.Xr pkg_add 1 +will warn if those are installed and cannot be updated. +This prevents a scenario where a bad guy would maintain a partial mirror +with outdated packages. .Sh MANAGING FILES The package system offers some strong warranties. .Ss "Installing a package won't erase existing files" |