From owner-freebsd-ports Sat Mar 25 19:27:12 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from picnic.mat.net (picnic.mat.net [206.246.122.133])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4786F37B81B; Sat, 25 Mar 2000 19:27:06 -0800 (PST)
	(envelope-from chuckr@picnic.mat.net)
Received: from localhost (chuckr@localhost [127.0.0.1])
	by picnic.mat.net (8.9.3/8.9.3) with ESMTP id WAA65577;
	Sat, 25 Mar 2000 22:25:21 -0500 (EST)
	(envelope-from chuckr@picnic.mat.net)
Date: Sat, 25 Mar 2000 22:25:20 -0500 (EST)
From: Chuck Robey
To: Kris Kennaway
Cc: ports@FreeBSD.ORG
Subject: Re: pkg/SECURITY
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 25 Mar 2000, Kris Kennaway wrote:

> I've written patches which teach bsd.port.mk and pkg_foo about a
> pkg/SECURITY (and +SECURITY) file which gets cat'ed to the user before
> pre-fetch, after post-install, and at pkg_add time. The intention is to
> mention security issues relevant to the port, like world-writable/setuid
> files, known or suspected vulnerabilities, etc.
>
> Another possible enhancement is a SECURITY_STATUS variable which would
> stop the build and prompt for confirmation before continuing if set to
> 'serious' (e.g. kind of like what the delegate port does now).
>
> What do people think about this?

I didn't see if you put a way to disable it into your patches. If you
didn't, then, no, you are being too extreme about it. You *can* make it
the default, and it would only serve to increase FreeBSD's security
reputation, but you have to provide a method for folks doing automated
things to ignore it. Such folks already know about it anyways, Kris.

Overall, if you provide a bypass method, then I think it's a *great* idea.

>
> Kris
>
> Index: Mk/bsd.port.mk

----------------------------------------------------------------------------
Chuck Robey            | Interests include C & Java programming, FreeBSD,
chuckr@picnic.mat.net  | electronics, communications, and signal processing.

New Year's Resolution: I will not sphroxify gullible people into looking up
fictitious words in the dictionary.
----------------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message