These days (and perhaps this is where a purported doc problem might be surfacing), it is generally recommended to use etcupdate(8) after unpacking sets, to merge changes to /etc. This would have gotten you the new defaults. Good advice in the general case, but the issue is this commit in src/etc/defaults/daily.conf: revision 1.18 date: 2012-07-30 13:09:34 -0400; author: christos; state: Exp; lines: +2 -2; PR/46757: Edgar Fuß: Change default to pkg_vulnerabilities from NO to unset, and make unset insted of NO to produce warnings, so that setting it to NO does produce warnings (if it is inappropriate for the machine to warn about this). I'd say this is a bug; there should be a (quiet) default in almost all cases, and only in the most extreme situations should we bother a human. So there is at best a real doc bug; the daily.conf man page was not updated when a change to the defaults was made that intentionally nagged the user.
Description: PGP signature