Subject: Handling of security reports for bootstrapped pkgsrc tools on non-NetBSD OSes
To: , <>
From: David H.Gutteridge <>
List: tech-pkg
Date: 01/09/2005 20:35:01

I've a question about reporting security
issues with pkgsrc tools that are installed
on non-NetBSD systems via the bootstrap package.
Since they're not actually recorded as packages
(except for digest), they can't be audited by
audit-packages.  Consequently, if an issue
arises, as one with tnftp has recently,
how is communication of this fact handled?
Perhaps this is the first time it's come up?