Subject: Re: pscan in "net"?
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Lubomir Sedlacik <>
List: tech-pkg
Date: 08/06/2002 21:06:59

On Tue, Aug 06, 2002 at 02:54:28PM -0400, Greg A. Woods wrote:
> Why is "pscan" in the "net" category?  From the description file:
> 	PScan is a C source code security scanner, which looks for misuse of
> 	libc functions which use varargs and printf-style formatting
> 	operators. In many situations these can cause security vulnerabilities
> 	in the application if it runs with privileges (setugid, or listening
> 	to a network socket, etc).
> The Makefile gives a slightly better definition, though it has its
> priority ordering backwards:
> 	CATEGORIES=	security devel
> It's primarily a development tool, with potential use for detecting what
> might eventually end up as security issues in applications.

it's already moved to pkgsrc/security:


-- Lubomir Sedlacik <>   ASCII Ribbon campaign against  /"\
--                  <>   e-mail in gratuitous HTML and  \ /
--                                       Microsoft proprietary formats   X
-- PGPkey:                                  / \
-- Key Fingerprint: 75B2 2B96 CD75 0385 1C49  39B8 8B08 C30E 54BC 7263
