Date: Fri, 09 Sep 2011 13:38:53 +0100 From: Matt Burke <mattblists@icritical.com> To: freebsd-ports@freebsd.org Subject: Re: sysutils/cfs Message-ID: <4E6A08DD.8020307@icritical.com> In-Reply-To: <4E68F34C.6090504@FreeBSD.org> References: <4E651DCF.30605@FreeBSD.org> <201109052146.p85Lkous037023@fire.js.berklix.net> <CADLo838dMd5=TjRF5ffiaPH7o0%2BpeWgaqbQqEfDb3EP-n4ec8A@mail.gmail.com> <4E67935C.6080702@aldan.algebra.com> <CADLo838QkAjq2jPXy_c5MTYW09tZJMvWTNndo3Pnfa3=1c-5Og@mail.gmail.com> <4E68AC85.4060705@icritical.com> <4E68F34C.6090504@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/08/11 17:54, Matthias Andree wrote: > The port isn't perfectly usable (because that would mean it's usable in > all circumstances for all advertised purposes, which is explicitly not > the case in the light of known vulnerabilities). In British Engligh at least, "perfectly" can mean "adequately" e.g. A scaffold pole and a short wall is a perfectly usable jack for changing a car tyre. Apologies. However, it is still the case that software with known security vulnerabilities is almost always still usable for the most part. If the kernel had a flaw which took someone with a username exactly 17 characters long to have UID 0, would you refuse to, or be unable to use the operating system until it's fixed? What if I mentioned FreeBSD has a 16-character hard-coded limit on usernames? > Nobody stands there pointing a gun at your head and forces you to > uninstall a port that got removed from the ports/ tree. If someone deletes a package I use from ports, they are FORCING me to jump through an awful load of hoops to get what I want/need. Let's look at the subject of this thread: What happens if I'm a CFS user and my hard disk dies? I install the latest release, pull my backups back in, and find that the FreeBSD people have decided they don't want me to be able to access my encrypted data any more. What do I do? Attempt to compile CFS from vendor source? Waste time trying to re-make a port? Install the ports tree from a FreeBSD6.1 CD I have lying around? Just install some other OS? What exactly is the administrative overhead of having a FORBIDDEN, etc port in the tree if it compiles, works, and people are happy to use it regardless of its flaws?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E6A08DD.8020307>