Date: Wed, 17 May 2000 12:49:45 -0500
From: Ade Lovett
To: Alexander Langer
Cc: freebsd-ports@FreeBSD.ORG
Subject: Re: ports/10634
Message-ID: <20000517124945.N2742@lovett.com>
References: <200005171728.KAA60889@freefall.freebsd.org> <20000517194132.A20572@cichlids.cichlids.com>
In-Reply-To: <20000517194132.A20572@cichlids.cichlids.com>; from alex@big.endian.de on Wed, May 17, 2000 at 07:41:32PM +0200

On Wed, May 17, 2000 at 07:41:32PM +0200, Alexander Langer wrote:
> No. setuid uucp exploits aren't quite important on most boxes.
> Even less, if you can trust your users.

Well, IMO, if we have any port that has security holes in it of any
kind, we mark it BROKEN/FORBIDDEN/whatever.

The software author and port maintainer should then have a set period
of time (say 3 months), to come up with a suitable fix. If none is
found, the port is removed from the tree (we can always bring it back
later if it does get finally fixed).

As the number of ports grows, we should not let the quality drop. If
anything, we should perhaps be more stringent.

As far as this port goes, I've said my piece. I have better things to
do with my time than argue round in circles over the relative merits of
different types of exploits. They're all bad. Period.

-aDe

--
Ade Lovett, Austin, TX.