Subject: Re: pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls
To: Dennis den Brok <d.den.brok@uni-bonn.de>
From: Adrian Portelli <adrianp@stindustries.net>
List: pkgsrc-users
Date: 08/25/2007 00:30:49
Dennis den Brok wrote:
> To sum it up in a single mail:
> 
...
>  * What I'm wondering about: Firefox 2.0.0.6 has this long-standing
> remote-information-exposure issue which prevents it from being built
> without ALLOW_VULNERABLE=yes; yet, there's a binary package available
> from a directory different from packages/vulnerable, and the
> corresponding README.html doesn't mention any vulnerabilities at all. I
> reckon this is to not confuse new users with such a popular package
> being not instantly available, but I haven't found anything about a
> change of policy regarding that matter; ISTR that earlier, Firefox was
> being treated differently?
...
> 
> TIA for anything.
> 

I'll look into this.  What version of the pkg_install tools are you
running ?

thanks,

adrian.