Subject: Re: pscan in "net"?
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: tech-pkg
Date: 08/06/2002 21:06:59

On Tue, Aug 06, 2002 at 02:54:28PM -0400, Greg A. Woods wrote:
> Why is "pscan" in the "net" category?  From the description file:
>
> 	PScan is a C source code security scanner, which looks for misuse of
> 	libc functions which use varargs and printf-style formatting
> 	operators. In many situations these can cause security vulnerabilities
> 	in the application if it runs with privileges (setugid, or listening
> 	to a network socket, etc).
>
> The Makefile gives a slightly better definition, though it has its
> priority ordering backwards:
>
> 	CATEGORIES=	security devel
>
> It's primarily a development tool, with potential use for detecting what
> might eventually end up as security issues in applications.

it's already moved to pkgsrc/security:

 http://mail-index.netbsd.org/pkgsrc-changes/2002/08/06/0008.html
 http://mail-index.netbsd.org/pkgsrc-changes/2002/08/06/0009.html

regards,

-- 
-- Lubomir Sedlacik <salo@Xtrmntr.org>   ASCII Ribbon campaign against  /"\ --
--                  <salo@silcnet.org>   e-mail in gratuitous HTML and  \ / --
--                                       Microsoft proprietary formats   X  --
-- PGPkey: http://Xtrmntr.org/salo.pgp                                  / \ --
-- Key Fingerprint: 75B2 2B96 CD75 0385 1C49  39B8 8B08 C30E 54BC 7263      --
