From owner-cvs-ports@FreeBSD.ORG  Sat Feb 21 11:36:18 2004
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 79DC216A4CE; Sat, 21 Feb 2004 11:36:18 -0800 (PST)
Received: from mtaw4.prodigy.net (mtaw4.prodigy.net [64.164.98.52])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6F32F43D1F; Sat, 21 Feb 2004 11:36:18 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org
	(6eb196398bba6eb0f129e862cd6ec4dd@adsl-63-207-60-37.dsl.lsan03.pacbell.net
	[63.207.60.37])
	by mtaw4.prodigy.net (8.12.10/8.12.10) with ESMTP id i1LJaHwK002723;
	Sat, 21 Feb 2004 11:36:17 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 6BA6266CAF; Sat, 21 Feb 2004 11:36:17 -0800 (PST)
Date: Sat, 21 Feb 2004 11:36:17 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Clement LAFORET <clement@FreeBSD.org>
Message-ID: <20040221193617.GB50771@xor.obsecurity.org>
References: <200402211513.i1LFDQRA012919@repoman.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="E39vaYmALEf/7YXx"
Content-Disposition: inline
In-Reply-To: <200402211513.i1LFDQRA012919@repoman.freebsd.org>
User-Agent: Mutt/1.4.1i
cc: security-team@FreeBSD.org
cc: cvs-ports@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/net/delegate Makefile distinfo pkg-message
	pkg-plist
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Feb 2004 19:36:18 -0000


--E39vaYmALEf/7YXx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Feb 21, 2004 at 07:13:26AM -0800, Clement LAFORET wrote:
> clement     2004/02/21 07:13:25 PST
>=20
>   FreeBSD ports repository
>=20
>   Modified files:
>     net/delegate         Makefile distinfo pkg-message=20
>   Removed files:
>     net/delegate         pkg-plist=20
>   Log:
>   - Update to 8.9.1
>   - Remove all security warning

When I audited this software and added the warning, I concluded that
delegate was fundamentally insecure from the ground up and could not
be fixed just by patching a few things.  How has this changed, and who
has audited the new software to verify it?

Kris

--E39vaYmALEf/7YXx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAN7MxWry0BWjoQKURAo19AJ4g9PgMJ23vdAOnPZvyuvyjNAhJkQCgit09
k24d9WNSmO3j/yJ4ftQndlo=
=qD9H
-----END PGP SIGNATURE-----

--E39vaYmALEf/7YXx--