Date: Sat, 23 Dec 2017 22:18:22 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 224526] [security][feature suggestion] Closed source binaries need to be labeled in ports, and explicitly allowed by users
Message-ID: <bug-224526-13-l7aJmKfqw5@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-224526-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-224526-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224526

--- Comment #2 from Yuri Victorovich <yuri@freebsd.org> ---
(In reply to Jan Beich from comment #1)

> Maybe the default license should be NONE

Then once the user accepts NONE, all of them will be allowed? This should be a
case-by-case procedure for the user.

> linux-* infra ports have their source publicly available

As long as they aren't built by an entity trusted by the user, there is no
guarantee that the binary is built from the sources it is supposed to be built
from. How do you know that firefox.deb is built from the firefox sources? You
trust the Ubuntu servers that they do that and not something else.

When the user installs FreeBSD, he implicitly trusts FreeBSD, its build
servers, its admins and port maintainers. The user doesn't automatically trust
Ubuntu, or Red Hat, just because he installed FreeBSD. We are not entitled to
tell users that other people are trustworthy, even though users trust us.

This is why linux-* should be in the same category.

---

This isn't designed to make it as easy as possible. This is designed to prevent
untrusted code from making its way into the users' systems.

-- 
You are receiving this mail because:
You are on the CC list for the bug.