Subject: Re: pkg_add mozilla ...?
To: John Franklin <franklin@elfie.org>
From: Steven M. Bellovin <smb@research.att.com>
List: port-i386
Date: 08/29/2002 16:04:09
In message <20020829200104.GK5219@deathmitten.example.org>, John Franklin writes:
>On Thu, Aug 29, 2002 at 03:50:53PM -0400, Steven M. Bellovin wrote:
>> In message <20020829192035.GA532@antioche.eu.org>, Manuel Bouyer writes:
>> >
>> >It's in pkgsrc. The binary may not be there for the same reason as
>> >mozilla.
>>
>> And of course, right now the pkgsrc version of Mozilla has a security
>> advisory on it...
>
>Is there some way pkg_add could detect and inform the user of packages
>that are missing because of security advisories?  (Obviously, from
>network sources.)  Similarly, does pkg_add take advantage of
>audit-packages if present?  Say, you install a package from a CDROM
>that's old and has a security advisory on it.  Pkg-add could allow it to
>proceed (user selectable), but inform the user of the advisory via
>audit-packages.

When you do the compilation, you do indeed get a security warning.  I
haven't tried it yet with an insecure binary package.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)