Subject: pkgsrc/security/audit-packages
To: None <tech-pkg@NetBSD.org>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 11/30/2003 12:08:33
This is just a gentle reminder that people that have this package
installed should please upgrade to the latest version
(audit-packages-1.25).

Some time ago, we replaced the old "vulnerabilities file must always
grow" method of determining correct transmission of the
vulnerabilities file with a new SHA1 checksum-based method.  The new
file is called "pkg-vulnerabilities", rather than "vulnerabilities",
to distinguish it.  I believe that these measures have greatly
increased the security and integrity of this tool, and just wanted to
make people aware of this fact.

There's also an ulterior motive for me - I want to add a pseudo-entry
to the pkg-vulnerabilities file, so that we can transition people to
the newer versions, and I'll use the URL of this mail in the
mail-index as the URL for that entry.

Regards,
Alistair
--
Alistair Crooks <agc@pkgsrc.org>