Has there been any thought to taking a hybrid type approach whereby netbsd 
ships some version of openssl, ssh, what have you, but also fakes a pkg 
install of it, and keeps the latest version in pkgsrc so it can be updated 
should a customer so desire?

On Wed, 7 Jun 2006, Christos Zoulas wrote:

> Date: Wed,  7 Jun 2006 23:15:05 +0000 (UTC)
> From: Christos Zoulas <christos@zoulas.com>
> Reply-To: gnats-bugs@NetBSD.org
> To: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org, zafer@gmx.org
> Subject: Re: bin/31120 (update openssl in 3beta)
> 
> The following reply was made to PR bin/31120; it has been noted by GNATS.
>
> From: christos@zoulas.com (Christos Zoulas)
> To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
> 	netbsd-bugs@netbsd.org, zafer@gmx.org
> Cc:
> Subject: Re: bin/31120 (update openssl in 3beta)
> Date: Wed, 7 Jun 2006 19:12:41 -0400
>
> On Jun 7, 11:00pm, woods@weird.com ("Greg A. Woods") wrote:
> -- Subject: Re: bin/31120 (update openssl in 3beta)
>
> |  That seems like a very much less than ideal approach to maintenance.
> |
> |  People will no doubt be running systems built from the NetBSD-3 branch
> |  in production for years yet to come, and for something as central to
> |  many security-related applications as OpenSSL is, it would seem
> |  important to keep it as up to date as possible in _all_ supported
> |  branches.
>
> Greg, what version is running on 3.0? Are there any known vulnerabilities
> against it? The problem is that openssl is such a large package, and it
> affects other things (ssh), so we have to weigh the risk/benefit of the
> upgrade.
>
> christos
>
>