Re: Prefer pkgsrc OpenSSL after 2016Q1.

[Kamil Rytarowski <n54%gmx.com@localhost>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10.03.2016 00:28, J. Lewis Muir wrote:
> On 3/9/16 5:21 PM, Kamil Rytarowski wrote:
>> On 10.03.2016 00:05, J. Lewis Muir wrote:
>>> Are there security advisories you know of that were not sent to
>>> the security-announce mailing list?
>> 
>> No, and this is the point that there aren't any as you said.
>> While pointing out issues with openssl or openssl for 7.0 is
>> simple for a person now involved in tracking security issues.
>> 
>> This is the reason why pkgsrc comes to mind. At least things will
>> get updated quarterly.
> 
> So you're saying that NetBSD should have released security
> advisories for its OpenSSL but has not?  If that's true, that would
> be a significant issue!
> 

We are coming to the conclusion.

The current approach seems to use the -7 / -HEAD branch and update the
system frequently. Alternatively track pkgsrc-HEAD and prefer external
critical applications.

> Regards,
> 
> Lewis
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW4L9rAAoJEEuzCOmwLnZsAlsP/jH7hqyKxRusrCnDND637ReE
D1lJpOZE5cKm8fyn+YYjySAn4qktI+RS+3bP/agaTKvXMiuG1+WYeVXS/BO2xrpr
TkuOjlFc56VbCBx15ogzYsSQslc2N94k/UaAU0hS1QkNliXMEej9xxSBvumIoZ7s
iX1qGjcgH61tz9PvhbixeGarBEg8/Jsrb+c+70J7EtEemfGFkgSdmKGRZxjLzIIk
xXHY+QFV4iq1qZBJJxttZAhMTewPm1oDjqM+OrJraFPidB2JKCqn3iWS1saTANg9
1p/IaltBuhCJOecCc8G6zU/esGhis9SMEyFWKq6S+0gtOsw0jgJMmcdjLRPUSBZv
rN3hlKI6yB5/VFr3Ab1wuN4d6mDhaf13tCW3NxSINgRT9ZOqC2P06Ft/A8uq9XEE
xODk4O6EzdW+bkmlDMy7SBe+gRm7gq/yBCD0GQomfta7S1diVXnF4KzI984t9tCT
kExc8BCz4XWdDh/HFeme/SDOXRFT4WDDoEBKKw4aET5pn3VNHUgNNblDKIGT5TEj
bhbXnSXZme+A/l+Iirv5pxgVE3Zp3+x3St6xqzyepcRYLDxmvsyFr6Sinu+JHKWG
+VRjtSNkUnV/bAlONvi8Agl1EHgVXclfiEX7gj/tvH6xON9Y996a99o/t7vE2ZAR
pBiMiexLYjXYMVDJjdOQ
=MASl
-----END PGP SIGNATURE-----