>Just point me to the thread if I missed a discussion...
>Right now distfiles/vulnerabilities says ssh<1.2.31 is vulnerable.
>The latest version in pkgsrc is 1.2.27nb1, whose patch-ac seems to
>address the issue that the vulnerabilities file points to.
>So... should security/ssh be marked BROKEN, or the entry in
>vulnerabilties be removed, or... something else?
>Currently the package is 'clean', but audit-packages reports it broken.
>That's bad.

	basically i would suggest using openssh.  should we really mark
	security/ssh BROKEN?  or move security/ssh to ssh.som ssh 3.x?

itojun