freebsd / portupgrade

FreeBSD ports and packages management app
http://www.FreeBSD.org/
BSD 3-Clause "New" or "Revised" License

Be smarter about handling vulnerable ports #74

Open UnitedMarsupials opened 4 years ago

UnitedMarsupials commented 4 years ago

The only way, currently, to install a vulnerable port is by setting DISABLE_VULNERABILITIES by hand.

Portupgrade should be smarter about such things and automatically handle the common situations when the same vulnerability(ies) also exist in the already-installed version of the port being upgraded -- as can be determined from the VuXML database.

This will not make things any less secure for the user, but will cause less disappointment when the tool fails to upgrade half of the ports because a dependency failed for reasons of VuXML.
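The check requested above, sketched as an added example that is not part of the issue or of portupgrade's code: an upgrade is permitted only when the candidate version introduces no vulnerability that the installed version does not already have. The entries, the package name `examplelib`, the vids and the helper names are all constructed, and the dotted-integer version comparison is a simplifying assumption (real FreeBSD versions carry PORTREVISION and PORTEPOCH suffixes and need pkg's own comparison).

```ruby
# Added example with constructed data; not portupgrade code.
# Assumption: versions are plain dotted integers ("1.3.2").
def vcmp(a, b)
  a.split('.').map(&:to_i) <=> b.split('.').map(&:to_i)
end

# A VuXML-style range is a set of bounds (lt/le/gt/ge/eq); all must hold.
def in_range?(version, range)
  range.all? do |op, bound|
    c = vcmp(version, bound)
    case op
    when :lt then c < 0
    when :le then c <= 0
    when :gt then c > 0
    when :ge then c >= 0
    when :eq then c.zero?
    else raise ArgumentError, "unknown range operator #{op}"
    end
  end
end

# Ids of all entries whose ranges cover this version of the package.
def vids_affecting(db, name, version)
  db.select { |e| e[:name] == name && e[:ranges].any? { |r| in_range?(version, r) } }
    .map { |e| e[:vid] }
end

# Allow the upgrade when the candidate's vulnerabilities are a subset of
# those already present in the installed version.
def upgrade_decision(db, name, installed, candidate)
  old = vids_affecting(db, name, installed)
  new = vids_affecting(db, name, candidate)
  introduced = new - old
  { allow: introduced.empty?, fixed: old - new,
    remaining: new & old, introduced: introduced }
end

# Constructed sample database (hypothetical package and vids).
VUXML = [
  { vid: 'vid-constructed-1', name: 'examplelib', ranges: [{ ge: '1.0', lt: '1.4' }] },
  { vid: 'vid-constructed-2', name: 'examplelib', ranges: [{ lt: '2.0' }] },
  { vid: 'vid-constructed-3', name: 'examplelib', ranges: [{ ge: '1.3', lt: '1.3.2' }] }
].freeze

%w[1.5 1.3.1 2.0].each do |cand|
  puts "1.2 -> #{cand}: #{upgrade_decision(VUXML, 'examplelib', '1.2', cand)}"
end
```

Comparing sets of vulnerability ids rather than counts is what keeps the rule from being weaker than the current behaviour: the 1.2 to 1.3.1 case is still refused because it adds an entry the installed version never had.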