On 14 Feb 2001, Chris Jones wrote:

> itojun@iijlab.net writes:
> > 	i've requested a pullup from current to 1.5 branch.
>
> But that won't help people who are running 1.5 and not tracking the
> release branch.

In general, it's best not to rely on pkgsrc for security fixes to the
base system. Besides the fact that it won't touch the binaries in the
base system (and I hope the security issues with that are obvious),
many system binaries don't have packages at all. The only reason there
continues to be an openssh package is in support of NetBSD-1.4.3 and
earlier.

It's not necessary to track the whole release branch just to update
ssh. You should be able to check out only /basesrc/crypto/dist/ssh and
/basesrc/usr.bin/ssh, and build in the latter.


Frederick