Gueven Bay wrote:
> So far I understand from the message with which pkgsrc stopped
> building the guide - included at the bottom of this posting - pkgsrc
> says "You know openssl is vulnerable but I need it to build the guide,
> so set ALLOW_VULNERABLE_PACKAGES, please".
> 
> Is this the right interpretation of the error message?
> Why does pkgsrc just not download the not vulnerable version of
> openssl - I downloaded the fresh vulnerability list ca. two hours
> before this build -?

You need to update your local pkgsrc sources.  The latest package
version is openssl-0.9.7inb5 which contains a fix for this issue.  The
fix was pulled up into the 2007Q3 stable branch as well.

adrian.