> First, I see no real gain in adding this to pkg_admin, as I think it's rather 
> uncommon to run this interactively. Waiting 5-15 seconds in the daily output 
> shouldn't hurt to add this to pkg_*. (I'm conservative about breaking up the 
> "combine tools" approach).

If it were just an issue of the daily security check taking longer, then 
it wouldn't matter much. Checking vulnerabilities is done at the beginning 
of making every package. Even on a 400 MHz PowerPC 604ev, it takes around 
25 seconds, and a 66 MHz m68060 takes 90 seconds. Ignoring that would be 
ignoring the fact that NetBSD is pretty much the OS of choice for older 
hardware.

On top of that, it's not stateful - if a make gets interrupted at any 
point, resuming rechecks vulnerabilities, which doesn't make much sense to 
me.

John