On 31/01/2020 07:49, yarl-bau...@mailoo.org wrote:
> Please Maya and Mr Billquist, can you be more specific about how it is insecure?
> To all: Is someone working on it and what is ongoing to improve this?
I feel this thread belongs to pkgsrc-users@ or even better tech-pkg@ and
I'm not the OP, but here are my thoughts: binary packages are bulk-built
from pkgsrc. pkgsrc is not strictly part of the operating system base
but are external applications. Making a rough and totally uneducated
comparison between NetBSD and, say, OpenBSD, the former is more focused
on usability and making sure the system doesn't break, while the latter
is totally focused on security, to the point of mutilating crucial parts
of the OS, if that doesn't fit its self-imposed standards (I'm
oversimplifying).
I believe there's an internal pkgsrc security mailing list to which
users have no access (I could be wrong), so I don't really know how this
auditing really works.
One can always "pkg_admin fetch-pkg-vulnerabilities && pkg_admin audit".
--
Ottavio Caruso