NetBSD-Bugs archive

misc/50412: Many packages to be built from source require nbpatch-20100124 which has vulnerability



>Number:         50412
>Category:       misc
>Synopsis:       Many packages to be built from source require nbpatch-20100124 which has vulnerability
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 07 02:05:00 +0000 2015
>Originator:     Daniel Glueck
>Release:        Trunk (which I assume is similar to 2015Q3)
>Organization:
>Environment:
Darwin Kernel Version 15.0.0: Sat Sep 19 15:53:46 PDT 2015; root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64
>Description:
I am just getting started with pkgsrc on Mac OS X, and did a bootstrap installation from the git trunk branch using ABI=64 and unprivileged. The bootstrap went fine, but many, if not all, packages seem to require nbpatch-20100124 which has a security vulnerability. If I try to "bmake" that package, I get this error: 

===> Checking for vulnerabilities in nbpatch-20100124
Package nbpatch-20100124 has a arbitrary-code-execution vulnerability, see https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in pkg_install.conf(5) if this package is absolutely essential.
*** Error code 1

Should I just make the selection to allow vulnerable packages, or is there some preferred way to proceed? Some web searching did not turn up a preferred solution.
>How-To-Repeat:
cd ~/pkgsrc/devel/nbpatch
bmake

>Fix:


