Subject: Re: CVS commit: pkgsrc/mk/bulk
To: None <pkgsrc-changes@netbsd.org>
From: None <erh@swapsimple.com>
List: pkgsrc-changes
Date: 11/21/2005 10:42:37
(apologies for any typos in quoted material, I pieced this together by hand)

> On 11/20/2005 Krister Walfridsson wrote:
> I definitely agree that you should not need to change your configuration
> as a result of changes in the infrastructure.  My annoyance was because

The whole point of changing from ALLOW_VULNERABLE_PACKAGES is so you NEED
to change your configuration and you need to explicitly think about
which vulnerabilities you're going to allow.  In this case I think it
is entirely appropriate to need to change your configuration due to
infrastructure changes.
ALLOW_VULNERABLE_PACKAGES is replaced with ALLOW_VULNERABILITIES because
blindly allowing _all_ vulnerabilities is generally a bad thing.

> On 11/20/2005 Alistair Crooks wrote:
> I already have ALLOW_VULNERABLE_PACKAGES set in my /etc/mk.conf.  That
> should be a hint that I don't want audit-packages to be run on bulk
> builds.  Why do I have to set SKIP_AUDIT_PACKAGES as well?

	It's not an additional setting.  It was just renamed.
As far as I can tell, nothing in pkgsrc/mk currently, or previously
set ALLOW_VULNERABLE_PACKAGES, so builds, bulk or otherwise, perform
the audit-packages check.  To me, that seems like the proper default
setting and the default for SKIP_AUDIT_PACKAGES is exactly the same.

	I had figured, that with the number of messages about this
(both on this list and on tech-pkg, where I originally posted my changes
for review) people might notice that they would have to rename their
ALLOW_VULNERABLE_PACKAGES variable to SKIP_AUDIT_PACKAGES.  (and if not
seen there, it's documented in mk/default/mk.conf and in the pkgsrc guide)

eric