Hi,

> The main problem according to me is when packages are built but
> vulnerabilities are found so they are taken off from the packages directory
> and they are not rebuilt. This is very rare on i386, but a big issue on
> macppc.. I think...

Since bulk packages are built on the pkgsrc branches and not on head, when 
something is removed for security reasons, it takes longer for a fixed 
package to make it back into the tree. It's hard to keep track of things 
like that, but any ideas are welcome.

A while ago, I started building a package build system which was a 
database-driven queue (one of the goals was coordinating bulk builds 
across an arbitrary number of packages for slower machines, and at the 
same time coordinating many architectures). One of the ideas was to 
integrate the security audit program so that the system would 
automatically know which packages to rebuild after a CVS update. Perhaps 
I'll try to work on that again soon.

John