Subject: HEADS UP: change regarding vulnerable packages
To: None <>
From: Thomas Klausner <>
List: tech-pkg
Date: 05/06/2005 23:36:59

From this week on, the policy has been changed so that vulnerable
packages are not removed from any longer, but instead
moved to a different subdirectory.

So if you prefer having a complete binary package set available
and take the risk of having vulnerable packages installed, you can
add ..../vulnerable to your PKG_PATH (where .... is the same path leading
up to /All).
Example: if you are currently using
you could switch to

The quoting is necessary because the semicolon (';') is a shell

If you do this, you should really start using security/audit-packages,
and run it especially after installing new packages.


P.S.: It might be that currently available binary package sets
are incomplete from before this change, but I expect that at
least starting with the next stable branch, incomplete binary
package sets should be a problem of the past.