Date: Sat, 25 Mar 2000 22:25:20 -0500 (EST)
From: Chuck Robey <chuckr@picnic.mat.net>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: ports@FreeBSD.ORG
Subject: Re: pkg/SECURITY
Message-ID: <Pine.BSF.4.21.0003252222280.47847-100000@picnic.mat.net>
In-Reply-To: <Pine.BSF.4.21.0003251740100.36565-100000@freefall.freebsd.org>

On Sat, 25 Mar 2000, Kris Kennaway wrote:

> I've written patches which teach bsd.port.mk and pkg_foo about a
> pkg/SECURITY (and +SECURITY) file which gets cat'ed to the user before
> pre-fetch, after post-install, and at pkg_add time. The intention is to
> mention security issues relevant to the port, like world-writable/setuid
> files, known or suspected vulnerabilities, etc.
>
> Another possible enhancement is a SECURITY_STATUS variable which would
> stop the build and prompt for confirmation before continuing if set to
> 'serious' (e.g. kind of like what the delegate port does now).
>
> What do people think about this?

I didn't see if you put a way to disable it into your patches. If you
didn't, then, no, you are being too extreme about it. You *can* make it
the default, and it would only serve to increase FreeBSD's security
reputation, but you have to provide a method for folks doing automated
things to ignore it. Such folks already know about it anyways, Kris.

Overall, if you provide a bypass method, then I think it's a *great* idea.

>
> Kris
>
> Index: Mk/bsd.port.mk

----------------------------------------------------------------------------
Chuck Robey            | Interests include C & Java programming, FreeBSD,
chuckr@picnic.mat.net  | electronics, communications, and signal processing.

New Year's Resolution: I will not sphroxify gullible people into looking up
fictitious words in the dictionary.
----------------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message