apologies if this is the wrong list, but tech-security looks like it's
been dead for almost six months...

I know this doesn't apply to those outside the US [1], but the
NetBSD-specific section in the recent CERT advisory regarding buffer
overflows in RSAREF2 says basically "we advise recompiling things to not
use RSAREF2."  What about those of us who (for legal or other reasons)
don't have the option?

should I send-pr this?

[1] or even those inside the US who could care less about a certain
    software patent...

-- 
  Aaron J. Grier  | "Not your ordinary poofy goof." | agrier@poofy.goof.com
   "I really admire your perverse mastery of the SPARC branch delay slot,
      Dave.  Or is it your mastery of the perverse branch delay slot?"
	          -- Joe Martin to Dave S. Miller on linux-kernel