 @@ -1,14 +1,14 @@
-<!-- $NetBSD: bulk.xml,v 1.7 2009/10/11 20:50:48 rillig Exp $ -->
+<!-- $NetBSD: bulk.xml,v 1.8 2010/03/18 10:56:18 wiz Exp $ -->
 <chapter id="bulk">
 <title>Creating binary packages for everything in pkgsrc (bulk
 builds)</title>
 <para>When you have multiple machines that should run the same packages,
 it is wasted time if they all build their packages themselves from
 source. There are two ways of getting a set of binary packages: The old
 bulk build system, or the new (as of 2007) parallel bulk build (pbulk)
 system. This chapter describes how to set them up so that the packages
 are most likely to be usable later.</para>
 <sect1 id="bulk.pre">
 @@ -147,33 +147,32 @@ SKIP_LICENSE_CHECK=    yes
 	  <listitem><para>Another important variable is
 	  <varname>BULK_PREREQ</varname>, which is a list of packages that
 	  should be always available while building other
 	  packages.</para></listitem>
 	</itemizedlist>
 	<para>Some other options are scattered in the pkgsrc
 	infrastructure:</para>
 	<itemizedlist>
 	  <listitem><para><varname>ALLOW_VULNERABLE_PACKAGES</varname>
-	  should be set to <literal>yes</literal>. The purpose of the bulk
+	  should be set to <literal>yes</literal>. The purpose of the
-	  builds is creating binary packages, no matter if they are
+	  bulk builds is creating binary packages, no matter if they
-	  vulnerable or not. When uploading the packages to a public
+	  are vulnerable or not. Leaving this variable unset would
-	  server, the vulnerable packages will be put into a directory of
+	  prevent the bulk build system from even trying to build
-	  their own. Leaving this variable unset would prevent the bulk
+	  them, so possible building errors would not show
-	  build system from even trying to build them, so possible
+	  up.</para></listitem>
 	  building errors would not show up.</para></listitem>
 	  <listitem><para><varname>CHECK_FILES</varname>
 	  (<filename>pkgsrc/mk/check/check-files.mk</filename>) can be set to
 	  <quote>yes</quote> to check that the installed set of files
 	  matches the <filename>PLIST</filename>.</para></listitem>
 	  <listitem><para><varname>CHECK_INTERPRETER</varname>
 	  (<filename>pkgsrc/mk/check/check-interpreter.mk</filename>) can be set to
 	  <quote>yes</quote> to check that the installed
 	  <quote>#!</quote>-scripts will find their
 	  interpreter.</para></listitem>
 	  <listitem><para><varname>PKGSRC_RUN_TEST</varname> can be
 @@ -575,28 +574,27 @@ chroot-&rprompt; cat $HOME/.s
       <para>Now after all this works, you can exit the sandbox and start
       the upload:</para>
       <screen>
 chroot-&rprompt; <userinput>exit</userinput>
 &rprompt; <userinput>cd /usr/sandbox/usr/pkgsrc</userinput>
 &rprompt; <userinput>sh mk/bulk/do-sandbox-upload</userinput>
       </screen>
       <para>The upload process may take quite some time. Use &man.ls.1; or
       &man.du.1; on the FTP server to monitor progress of the
       upload. The upload script will take care of not uploading
-      restricted packages and putting vulnerable packages into the
+      restricted packages.</para>
       <filename>vulnerable</filename> subdirectory.</para>
       <para>After the upload has ended, first thing is to revoke ssh access:</para>
       <screen>nbftp% <userinput>vi ~/.ssh/authorized_keys</userinput>
       Gdd:x! </screen>
       <para>Use whatever is needed to remove the key you've entered
       before! Last, move the uploaded packages out of the
       <filename>upload</filename> directory to have them accessible
       to everyone:</para>
       <screen>
 nbftp% <userinput>cd /pub/NetBSD/packages/packages-20xxQy/NetBSD-a.b.c/arch</userinput>

 @@ -1,14 +1,14 @@
-<!-- $NetBSD: faq.xml,v 1.45 2009/04/20 17:07:13 ver Exp $ -->
+<!-- $NetBSD: faq.xml,v 1.46 2010/03/18 10:56:18 wiz Exp $ -->
 <chapter id="faq"> <?dbhtml filename="faq.html"?>
 <title>Frequently Asked Questions</title>
 <para>This section contains hints, tips &amp; tricks on special things in
 pkgsrc that we didn't find a better place for in the previous chapters, and
 it contains items for both pkgsrc users and developers.</para>
 <!-- ================================================================== -->
   <sect1 id="mailing-list-pointers">
     <title>Are there any mailing lists for pkg-related discussion?</title>
 @@ -518,27 +518,27 @@ do this, refer to the following two tool
   <listitem>
     <para><command>pkg_admin fetch-pkg-vulnerabilities</command>, an easy way to
     download a list of the security vulnerabilities information.  This list
     is kept up to date by the NetBSD security officer and the NetBSD
     packages team, and is distributed from the NetBSD ftp server:</para>
     <para><ulink
     url="ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"/></para>
   </listitem>
   <listitem>
     <para><command>pkg_admin audit</command>, an easy way to audit the
-    current machine, checking each vulnerability which is known.  If a
+    current machine, checking each known vulnerability.  If a
     vulnerable package is installed, it will be shown by output to stdout,
     including a description of the type of vulnerability, and a URL
     containing more information.</para>
   </listitem>
 </orderedlist>
 <para>Use of these tools is strongly recommended!  After
 <quote>pkg_install</quote> is installed, please read
 the package's message, which you can get by running <userinput>pkg_info -D
 pkg_install</userinput>.</para>
 <para>If this package is installed, pkgsrc builds will use it to

 @@ -1,14 +1,14 @@
-<!-- $NetBSD: using.xml,v 1.37 2009/08/25 13:19:50 wiz Exp $ -->
+<!-- $NetBSD: using.xml,v 1.38 2010/03/18 10:56:18 wiz Exp $ -->
 <chapter id="using"> <?dbhtml filename="using.html"?>
 <title>Using pkgsrc</title>
 <para>Basically, there are two ways of using pkgsrc. The first
 is to only install the package tools and to use binary packages
 that someone else has prepared. This is the <quote>pkg</quote>
 in pkgsrc. The second way is to install the <quote>src</quote>
 of pkgsrc, too. Then you are able to build your own packages,
 and you can still use binary packages from someone else.</para>
 <sect1 id="using-pkg">
   <title>Using binary packages</title>
 @@ -50,29 +50,27 @@ and you can still use binary packages fr
     extract it in the <filename>/</filename> directory. It will create
     the directories <filename>/usr/pkg</filename> (containing the tools
     for managing binary packages) and <filename>/var/db/pkg</filename>
     (the database of installed packages).</para>
   </sect2>
   <sect2 id="installing-binary-packages">
     <title>Installing binary packages</title>
     <para>In the directory from the last section, there is a
     subdirectory called <filename>All</filename>, which contains all the
     binary packages that are available for the platform, excluding those
     that may not be distributed via FTP or CDROM (depending on which
-    medium you are using), and the ones that have vulnerabilities and
+    medium you are using).</para>
     therefore are considered insecure to install without thinking
     before.</para>
     <para>To install packages directly from an FTP or HTTP server, run
     the following commands in a Bourne-compatible shell (be sure to
     <command>su</command> to root first):</para>
 <screen>
 &rprompt; <userinput>PATH="/usr/pkg/sbin:$PATH"</userinput>
 &rprompt; <userinput>PKG_PATH="ftp://ftp.NetBSD.org/pub/pkgsrc/packages/<replaceable>OPSYS</replaceable>/<replaceable>ARCH</replaceable>/<replaceable>VERSIONS</replaceable>/All"</userinput>
 &rprompt; <userinput>export PATH PKG_PATH</userinput>
 </screen>
     <para>Instead of URLs, you can also use local paths, for example if
     you are installing from a set of CDROMs, DVDs or an NFS-mounted
 @@ -83,33 +81,28 @@ and you can still use binary packages fr
     <para>After these preparations, installing a package is very
     easy:</para>
 <screen>
 &rprompt; <userinput>pkg_add openoffice2</userinput>
 &rprompt; <userinput>pkg_add kde-3.5.7</userinput>
 &rprompt; <userinput>pkg_add ap2-php5-*</userinput>
 </screen>
     <para>Note that any prerequisite packages needed to run the
     package in question will be installed, too, assuming they are
     present where you install from.</para>
-    <para>As mentioned above, packages for which vulnerabilities get
+    <para>Adding packages might install vulnerable packages.
-    known are not stored in the <filename>All</filename> subdirectory.
+    Thus you should run <command>pkg_admin audit</command>
     They don't get deleted since that could be very frustrating if many
     other packages depend on it. Instead, they are moved to the
     <filename>vulnerable</filename> subdirectory. So you may need to add
     this directory to the <varname>PKG_PATH</varname> variable.
     However, you should run <command>pkg_admin audit</command>
     regularly, especially after installing new packages, and verify
     that the vulnerabilities are acceptable for your configuration.</para>
     <para>After you've installed packages, be sure to have
     <filename>/usr/pkg/bin</filename> and <filename>/usr/pkg/sbin</filename> in your
     <varname>PATH</varname> so you can actually start the just
     installed program.</para>
   </sect2>
   <sect2 id="using.pkg_delete">
     <title>Deinstalling packages</title>
     <para>To deinstall a package, it does not matter whether it was