From owner-freebsd-security Sun Oct 1 4:20:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.vxu.se (oxeln.vxu.se [194.47.65.30]) by hub.freebsd.org (Postfix) with ESMTP id 02C6B37B502 for ; Sun, 1 Oct 2000 04:20:25 -0700 (PDT) Received: from XGod ([194.47.111.20]) by mail.vxu.se (Netscape Messaging Server 4.15) with SMTP id G1R0TZ00.27R for ; Sun, 1 Oct 2000 13:20:23 +0200 Message-ID: <002401c02b99$a07a8ab0$6400a8c0@XGod> From: "Andreas Alderud" To: Subject: Re: Security and FreeBSD, my overall perspective Date: Sun, 1 Oct 2000 13:20:38 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I think it would be wise to have three ports of the ``same´´ package. My idea is to have lets say -SECURE, -STABLE - and CURRENT (the same could be done with FreeBSD itself). The good thing about this would be that if a port is labeled -SECURE it's not necessary the most recent -STABLE version, obviously, and the -SECURE port could the be marked with a N-value for security level. The real advantage of this would be if the BSDs would have a unified ports system, as proposed by Chris Coleman, and incorperate the ideas of Jordans paper on the future package system. Because many developers find security auditing a boring task, me included, this task could then be handled, in most cases, by the OpenBSD or similar team since they like to do that kind of stuff. - This would only happen if there was a unified ports system. Doing this would also help people like me who hate to be forced to either port an old version of a software or run the latest port that most often is alpha or beta(typical opensource style :-( ), because I could either run -STABLE or -SECURE depending on my level of paranoia. And people who like to stay on the bleeding edge con do that with -CURRENT. But then most of the problems would go away if FreeBSD got MAC etc, fortanly the TrustedBSD team is working on that. /Kind regards, David A. Alderud To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message