Subject: Re: today's openssh version 3.7
To: None <current-users@NetBSD.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: current-users
Date: 09/18/2003 12:23:21
Jan Schaumann wrote:
>
> Well, the ssh that is part of the base system is different from the
> OpenSSH package from pkgsrc.
This bothers me. As noted earlier, this means that 2 different code
bases need to be checked and maintained -- problem enough in a volunteer
project with limited person-hours, but for a security protocol, it seems
incredibly suspect!
> The base system ssh is maintained by
> NetBSD as part of the base system, with all the care and prudence this
> implies. The OpenSSH package of pkgsrc is just that: a *package* of
> the OpenSSH software, as the OpenSSH folks produce it.
>
> (It just so happens that the ssh that is shipped in the base system is
> based on the official OpenSSH.)
>
Yet, one of the usual features of a package system -- differences
between versions are clearly described by the related patch files --
is lost by this duplication of effort!
(yes, it could all be deciphered by scrupulous reconstruction of all
the CVS diffs.)
Anyway, as I pointed out in my first message, the security update
mechanism is neither easy nor fast, and such has been the subject of
effort in recent years by other *nix groups. Hopefully, this group
can benefit from lessons learned.
I'm suggesting automated fetching and installation of binaries, on the
order of (similar to other projects):
    pkg_update
    pkg_upgrade
Can somebody point me to the appropriate list where this kind of
thing is discussed for NetBSD? tech-pkg? tech-toolchain?
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32