On Fri, 6 May 2005, Thomas Klausner wrote:
>> Is that policy visible somewhere, and
>> what parts of documentation need updating for this?
>
> Tell me a place where we document policies such as these,
> and I'll document it.

I guess a policy about vulnerable packages should be documented near the 
policy about packages in general. I guess the closest thing to such a 
document would be somewhere in section 5 "Creating binary packages" of the 
pkgsrc guide. Maybe add a new section 5.3.9 "Handling vulnerable 
packages".

(It may be worth investigating to move "5.3 Doing a bulk build of all 
packages" into the pkgsrc Developers' guide, e.g. as 11.4.)


> The guide has been updated.

The pkgsrc or NetBSD guide? :) They may both need checking.
Also, there are more places that mention the additional place:

  * src/distrib/notes/common/postinstall
  * src/usr.sbin/pkg_install/add/pkg_add.1 and any other places like
    pkgsrc/bootstrap/... this manpage resides


  - Hubert

-- 
NetBSD - Free AND Open!      (And of course secure, portable, yadda yadda)