Subject: Re: Dante; what exactly are security mechanisms of pkgsrc?
To: Ing.,BcA. Ivan Dolezal <ivan.dolezal@vsb.cz>
From: Alistair Crooks <agc@wasabisystems.com>
List: tech-security
Date: 07/12/2002 17:01:49

On Fri, Jul 12, 2002 at 04:16:48PM +0200, Ing.,BcA. Ivan Dolezal wrote:
> But my question was different: what mechanism is behind gathering 
> information for "vulnerabilities" text file? How many people care of it? 
> On what basis? Are they paid by NetBSD Foundation? Or Wasabi Systems? 
> Or is it just a chaotic mess?

A number of people scan a number of security mailing lists, and
inform a NetBSD developer, or take steps themselves, whenever a
vulnerability is made known.

I don't believe anyone is paid by the NetBSD Foundation.

I scan a number of mailing lists, and have updated the vulnerabilities
file, and I am employed by Wasabi Systems, but it's not my principal
job function.  In fact, it's not part of my job at all.

I also dislike your calling it a "chaotic mess".

I don't know what you're used to, but, to me, there is absolutely
no chaos or mess in being informed automatically that some software
you have installed on a number of machines is vulnerable to exploits.

Regards,
Alistair