Subject: integrating /etc/changelist into mtree
To: None <tech-security@netbsd.org>
From: Rob Windsor <windsor@warthog.com>
List: tech-security
Date: 05/03/2001 15:25:20

I submitted PR security/6548 many moons ago and thought now would be a good
time to air it out and either close it w/o further action or convince
someone to help implement it.

The general idea is that /etc/changelist contains a list of files that are
generally redundant (in a subset sort of way) with the security checking
of mtree, using /etc/mtree/special.

To reduce the number of files you need to tweak to tighten up security of
your system, I suggested in the PR that we modify mtree to allow an additional
field in its file format such that it can spit out a list of files for the
daily security script to use instead of having to read /etc/security.

I have not submitted a patch with the PR because I do not (yet) contain the
programming skillz to make it go.

Does this make sense, should it be done, can someone make it work?

Rob++
----------------------------------------
Internet: windsor@warthog.com                             __o
Life: Rob@Carrollton.Texas.USA.Earth                    _`\<,_
                                                       (_)/ (_)
The weather is here, wish you were beautiful.