Subject: Handling of security reports for bootstrapped pkgsrc tools on non-NetBSD OSes
To: , <tech-pkg@NetBSD.org>
From: David H. Gutteridge <firstname.lastname@example.org>
Date: 01/09/2005 20:35:01

I've a question about reporting security
issues with pkgsrc tools that are installed
on non-NetBSD systems via the bootstrap package.
Since they're not actually recorded as packages
(except for digest), they can't be audited by
audit-packages. Consequently, if an issue
arises, as one with tnftp has recently,
how is communication of this fact handled?
Perhaps this is the first time it's come up?