Context: I have received the following output in my daily mails:
oniguruma-6.9.10: Tag: expiration_date Value: 2026-12-01
perl5-5.40.4: Tag: expiration_date Value: 2027-06-09
python310-3.10.20_1: Tag: expiration_date Value: 2026-09-30
I was suprised to see oniguruma. I know this RE library (putting the weird deprecation upstream aside), but have never installed it directly, so it comes automatically. As a user/admin the information is little helpful:
- I have never installed it directly
- It does not tell me who depends on it unless I do "pkg info -r "
- There is basically nothing I can do unless depending upstream replaces it with something else (pcre2, re, ...)
So security/410.pkg-audit could see an improvement where I could rather rather say that I want to see this kind of information on non-automatic packages only since these are the ones I have installed.
pkg annotate -a -S expiration_date => pkg annotate -a --automatic -S expiration_date or pkg annotate -a --no-automatic -S expiration_date
I'd change the periodic job to no automatic only.
Context: I have received the following output in my daily mails:
I was suprised to see oniguruma. I know this RE library (putting the weird deprecation upstream aside), but have never installed it directly, so it comes automatically. As a user/admin the information is little helpful:
So
security/410.pkg-auditcould see an improvement where I could rather rather say that I want to see this kind of information on non-automatic packages only since these are the ones I have installed.pkg annotate -a -S expiration_date=>pkg annotate -a --automatic -S expiration_dateorpkg annotate -a --no-automatic -S expiration_dateI'd change the periodic job to no automatic only.