Subject: Re: binary packages with vulnerabilities removed from ftp - a bad
To: Geert Hendrickx <geert.hendrickx@ua.ac.be>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 01/29/2005 21:51:07
On Sat, 29 Jan 2005, Geert Hendrickx wrote:

>
> when a vulnerability is discovered in a package, the according binary
> package(s) are removed from NetBSD's ftp-mirrors.  While the reason is
> obvious (we don't want vulnerable packages), I don't think this is a
> good idea.  It can make it pretty difficult to use binary packages.

Yes, this is an inconvenience.

We should have a daily script that checks to see what packages are missing
and complain to the pkgsrc developers list every day!

 Jeremy C. Reed

 	  	 	 BSD News, BSD tutorials, BSD links
	  	 	 http://www.bsdnewsletter.com/