From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 224526] [security][feature suggestion] Closed source binaries need to be labeled in ports, and explicitly allowed by users
Date: Sat, 23 Dec 2017 22:18:22 +0000
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Ports Framework
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: yuri@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: portmgr@FreeBSD.org
List-Id: Ports bug reports

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224526

--- Comment #2 from Yuri Victorovich ---
(In reply to Jan Beich from comment #1)
> Maybe the default license should be NONE

Then once the user accepts NONE, all of them will be allowed? This should be a case-by-case procedure for the user.

> linux-* infra ports have their source publicly available

As long as they aren't built by an entity trusted by the user, there is no guarantee that the binary is built from the sources they are supposed to be built from. How do you know that firefox.deb is built from the firefox sources? You trust the ubuntu servers that they do that and not something else.

When the user installs FreeBSD, he implicitly trusts FreeBSD, its build servers, its admins and port maintainers. The user doesn't automatically trust ubuntu, or redhat, just because he installed FreeBSD. We are not entitled to tell users that other people are trustworthy, even though users trust us.

This is why linux-* should be in the same category.

---
This isn't designed to make it as easy as possible. This is designed to prevent untrusted code from making its way into the users' systems.