I asked in July if security patches were still being provided. And only
one diff has been posted since then (and since March).

I see many from 1997 through 2001 at
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/

The ftp site has (for this year) diffs for: SA2002-001-ptrace,
SA2002-002-gzip, SA2002-003-SPDSA, 2002-004-sshd, then SA2002-021-rogue.

Are there any plans to continue providing security patches in diff format?

For almost all of 2002, I have been building and providing security
updates[1] in binary format for a variety of commercial customers. In
the case of kernel updates, I have provided a kernel using GENERIC.

But I know that many admins use (and need) custom kernels. For example,
BSD/OS[2] provides kernel objects as part of their update service which
can be use for when rebuilding custom kernels. (This is important because
the standard license doesn't include source.) Providing kernel objects for
NetBSD doesn't seem worth it. I can (and have) provided diffs for kernel
source for security issues (to go along with the binary updates provided).

But I am thinking it would be better to just have the diffs available from
NetBSD ftp site, like many in the past have been.

Are there any plans to continue providing security patches in diff format?

   Jeremy C. Reed
   http://bsd.reedmedia.net/

[1] http://www.pugetsoundtechnology.com/services/netbsd/updates/

[2] I use BSD/OS as an example, especially because my update service is
modeled on theirs. Some hassles with migrating from BSD/OS to NetBSD can
be helped with these similar binary updates.