Subject: HEADS UP: change regarding vulnerable packages
To: None <tech-pkg@NetBSD.org>
From: Thomas Klausner <wiz@NetBSD.org>
Date: 05/06/2005 23:36:59
From this week on, the policy has been changed so that vulnerable
packages are not removed from ftp.NetBSD.org any longer, but instead
moved to a different subdirectory.
So if you prefer having a complete binary package set available
and take the risk of having vulnerable packages installed, you can
add ..../vulnerable to your PKG_PATH (where .... is the same path leading
up to /All).
Example: if you are currently using
you could switch to
The quoting is necessary because the semicolon (';') is a shell
If you do this, you should really start using security/audit-packages,
and run it especially after installing new packages.
P.S.: It might be that currently available binary package sets
are incomplete from before this change, but I expect that at
least starting with the next stable branch, incomplete binary
package sets should be a problem of the past.