The following reply was made to PR pkg/37608; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/37608: audit-packages
Date: Tue, 25 Dec 2007 14:45:38 +0100

 On Mon, Dec 24, 2007 at 07:55:00PM +0000, jam@pobox.com wrote:
 > 	One is about message from pkgsrc.  When I try to make some pkgsrc
 > files, it says I need to run download-vulnerability-list program.  Is it
 > possible to show something like "need to install pkg_install and run
 > download-vulnerrability-list?"
 
 You are running NetBSD -current. You have that script as part of
 pkg_install in base already. That effectively answers the rest as well.
 
 > 	Third one is about the treatment of sbin.  The audit-packages is
 > installed into /usr/pkg/sbin.
 
 Yes, because it is primary a system binary of limited use to normal
 users. This is similiar to ping(8) and many other administrative
 comments. Note that the default path names for
 download-vulnerability-list fetch it to /var/db/pkg, so running it as
 unprivileged user needs customisation.
 
 Joerg