Subject: searching for pkg updates?
To: list Cobalt NetBSD <port-cobalt@netbsd.org>
From: Brian McEwen <bmcewen@comcast.net>
List: port-cobalt
Date: 02/06/2007 17:38:25

I was going to try out samba, in part to see if I could replicate  
Glyn's file copy issues, in part to see if my wife liked using it  
instead of WinSCP for sftp.

However, it looks like the current version in pkgsrc has multiple
vulnerabilities, and I can't find a newer one for NetBSD. I tried
to check pkgsrc-wip, but I can't find it either, let alone figure out
if samba is undergoing renovation. (Wasn't there once a discussion
about reorganizing the ftp site so that it made a little more sense
(to most)?)

I did look and realize that all of these are 2007 announcements, and
2 are from Feb 5. So it's recent. But how do/where would I find
something being worked on if it isn't in -current yet? There is a
3.0.24 samba out, I read.

BTW what is the digest-20050323 (below) about? I just updated
pkgsrc, via (in part):
    setenv CVSROOT anoncvs@anoncvs.NetBSD.org:/cvsroot
    cvs -q update -dP
Which should give me -current pkgsrc, per "tracking current" section
of the NetBSD website. Why do I have a reference to a 2005 digest?

Thanks,

Brian

--------------
=> Required installed package digest>=20010302: digest-20050323 found
===> Checking for vulnerabilities in samba-3.0.22nb3
ERROR: denial-of-service vulnerability in samba-3.0.22nb3 - see  
http://samba.org/samba/security/CVE-2007-0452.html for more information
samba<3.0.24
ERROR: solaris-buffer-overflow vulnerability in samba-3.0.22nb3 - see  
http://samba.org/samba/security/CVE-2007-0453.html for more information
samba<3.0.24
ERROR: vfs-format-string vulnerability in samba-3.0.22nb3 - see  
http://samba.org/samba/security/CVE-2007-0454.html for more information
samba<3.0.24
ERROR: Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely  
essential
*** Error code 1
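
An added example, not part of the original message and not pkgsrc code: it parses the vulnerability check output quoted above and tests whether a candidate version, such as the 3.0.24 release mentioned in the message, would still match the printed `samba<3.0.24` patterns. The function names are hypothetical, and the version ordering is a simplification (dotted integers plus an optional `nbN` revision), not pkgsrc's full comparison.

```python
import operator
import re

# Build output quoted from the message above, with wrapped lines re-joined.
AUDIT_OUTPUT = """\
===> Checking for vulnerabilities in samba-3.0.22nb3
ERROR: denial-of-service vulnerability in samba-3.0.22nb3 - see http://samba.org/samba/security/CVE-2007-0452.html for more information
samba<3.0.24
ERROR: solaris-buffer-overflow vulnerability in samba-3.0.22nb3 - see http://samba.org/samba/security/CVE-2007-0453.html for more information
samba<3.0.24
ERROR: vfs-format-string vulnerability in samba-3.0.22nb3 - see http://samba.org/samba/security/CVE-2007-0454.html for more information
samba<3.0.24
"""

FINDING = re.compile(r"^ERROR: (\S+) vulnerability in (\S+) - see (\S+) for more information$")
PATTERN = re.compile(r"^([^<>=\s]+)(<=|>=|<|>)(\S+)$")
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}

def version_key(version):
    """Assumed, simplified ordering: dotted integers, then the nbN package revision."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:nb(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def parse_findings(text):
    """Pair each ERROR line with the match pattern printed on the line after it."""
    findings, pending = [], None
    for line in text.splitlines():
        m = FINDING.match(line)
        if m:
            pending = {"type": m.group(1), "package": m.group(2), "url": m.group(3)}
            continue
        p = PATTERN.match(line)
        if pending and p:
            pending.update(name=p.group(1), op=p.group(2), bound=p.group(3))
            findings.append(pending)
        pending = None  # anything else ends the current finding
    return findings

def still_vulnerable(findings, candidate):
    """Return the findings whose pattern still matches the candidate version."""
    key = version_key(candidate)
    return [f for f in findings if OPS[f["op"]](key, version_key(f["bound"]))]
```
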