, <tech-pkg@NetBSD.org>
From: David H.Gutteridge <dhgutteridge@sympatico.ca>
List: tech-pkg
Date: 01/09/2005 20:35:01
Hello,
I've a question about reporting security
issues with pkgsrc tools that are installed
on non-NetBSD systems via the bootstrap package.
Since they're not actually recorded as packages
(except for digest), they can't be audited by
audit-packages. Consequently, if an issue
arises, as one with tnftp has recently,
how is communication of this fact handled?
Perhaps this is the first time it's come up?
Dave