Subject: pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls
To: None <pkgsrc-users@netbsd.org>
From: Dennis den Brok <d.den.brok@uni-bonn.de>
List: pkgsrc-users
Date: 08/21/2007 16:01:21
To sum it up in a single mail:

  * Opera 9.23 has been out for quite a while and fixes one security
    issue with JavaScript and a few stability issues, so I guess the
    package ought to be updated and the updates pulled up to -2007Q2,
    which doesn't seem to have 9.22 yet, even (which already fixed
    security issues);
  * pkg-vulnerabilities doesn't list at least the security issue fixed
    by the release of Opera 9.23;
  * What I'm wondering about: Firefox 2.0.0.6 has this long-standing
    remote-information-exposure issue which prevents it from being built
    without ALLOW_VULNERABLE=yes; yet, there's a binary package available
    from a directory different from packages/vulnerable, and the
    corresponding README.html doesn't mention any vulnerabilities at all.
    I reckon this is to not confuse new users with such a popular package
    being not instantly available, but I haven't found anything about a
    change of policy regarding that matter; ISTR that earlier, Firefox
    was being treated differently?
  * The links to dependencies in the README.htmls on the pkgsrc
    ftp-server are long since broken. There's one "../" missing; for
    instance, in x11/9term/README.html there's a link to
    ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/x11/editors/sam/README.html.
    Note "x11/editors".

TIA for anything.

-- 
Dennis den Brok