> 
> Once again a CERT bulletin goes out without NetBSD in the vendor list.  Do
> we have a representative that responds to security issues, particularly one
> CERT knows to contact when a vulnerability is discovered?  Are we looking
> for someone to take on the responsibility?  (I'm not offering, at least not
> yet.  :)
> 
> It would be good to see NetBSD mentioned in these bulletins, especially with
> so many people out there still running 1.1, 1.2, and 1.2.1, that are not yet
> on -current.  NetBSD *needs* to be on their "vendor list."
> 

I would be glad to act as the focal point for these.  While I'm actually
not well equiped to DO anything about them, I have worked on security
stuff with 386BSD and NetBSD in the past.

In another life, I've also been a security manager at a Major Command 
for a large arm of the US Department of Defense.

-- 
Dave Burgess                   Network Engineer - Nebraska On-Ramp, Inc.
*bsd FAQ Maintainer / SysAdmin for the NetBSD system in my spare bedroom
"Just because something is stupid doesn't mean there isn't someone that 
doesn't want to do it...."