From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.43)
	id 1EEDy0-0004vt-Af
	for garchives@archives.gentoo.org; Sat, 10 Sep 2005 22:37:00 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j8AMVIf3012572;
	Sat, 10 Sep 2005 22:31:18 GMT
Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55])
	by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j8AMVHwQ007050
	for <gentoo-server@lists.gentoo.org>; Sat, 10 Sep 2005 22:31:18 GMT
Received: from [192.168.123.141] (c-24-19-159-167.hsd1.wa.comcast.net[24.19.159.167])
          by comcast.net (sccrmhc11) with ESMTP
          id <2005091022351801100b9t5oe>; Sat, 10 Sep 2005 22:35:23 +0000
Message-ID: <43235FC1.7000100@munat.com>
Date: Sat, 10 Sep 2005 15:35:45 -0700
From: Ben Munat <bent@munat.com>
User-Agent: Mozilla Thunderbird 1.0.5 (Windows/20050711)
X-Accept-Language: en-us, en
Precedence: bulk
List-Post: <mailto:gentoo-server@lists.gentoo.org>
List-Help: <mailto:gentoo-server+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-server+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-server+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-server.gentoo.org>
X-BeenThere: gentoo-server@gentoo.org
Reply-to: gentoo-server@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] glsa-check and unused packages
References: <43232AC3.9030706@munat.com> <1126381452.17265.4.camel@spider.hotmonkeyporn.com>
In-Reply-To: <1126381452.17265.4.camel@spider.hotmonkeyporn.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Archives-Salt: d3b0dcae-1589-4c78-9e2b-6d0d375ea68f
X-Archives-Hash: 6aa012a709bb60a4339fef39a8286dde

Owen Ford wrote:
> On Sat, 2005-09-10 at 11:49 -0700, Ben Munat wrote:
> 
>>First, glsa-check claims that I'm vulnerable to 200412-02 and 200505-01. The first is 
>>pdflib and the second is various horde packages. However, I have the current versions of 
>>these installed -- the versions that the glsa says I need to solve the vulnerability. So, 
>>why would glsa-check say I'm vulnerable when I'm not?
> 
> 
> There are probably versions of those packages slotted.  I use emerge -Cp
> package to see which are installed.
> 

Very good... exactly the problem. Thanks.

As for dealing with all my orphaned packages, I'm figuring on going through the output of 
"emerge --depclean" and unmerging everything that comes up with no dependencies under 
"equery depends" and is something that I don't think I'll use. Does that sound reasonable?

Oh, and I'm assuming that "equery depends" just checks for installed packages that depend 
on the given package... anyone know any way to check a package's dependency against the 
entire portage tree?

b
-- 
gentoo-server@gentoo.org mailing list