pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls

["Dennis den Brok" <d.den.brok%uni-bonn.de@localhost>]

To sum it up in a single mail:

  * Opera 9.23 is out for quite a while and fixes one security issue with
JavaScript and a few stability issues, so I guess the package ought to be
updated and the updates pulled up to -2007Q2, which doesn't seem to have
9.22 yet, even (which already fixed security issues);
  * pkg-vulnerabilities doesn't list at least the security issue fixed by
the release of Opera 9.23;
  * What I'm wondering about: Firefox 2.0.0.6 has this long-standing
remote-information-exposure issue which prevents it from being built
without ALLOW_VULNERABLE=yes; yet, there's a binary package available from
a directory different from packages/vulnerable, and the corresponding
README.html doesn't mention any vulnerabilities at all. I reckon this is
to not confuse new users with such a popular package being not instantly
available, but I haven't found anything about a change of policy regarding
that matter; ISTR that earlier, Firefox was being treated differently?
  * The links to dependencies in the README.htmls on the pkgsrc ftp-server
are long since broken. There's one "../" missing, for instance in
x11/9term/README.html, there's a link to
ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/x11/editors/sam/README.html.
Note "x11/editors".

TIA for anything.

--
Dennis den Brok