From nobody Sun Nov 14 19:49:52 2021
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4F2DB183E57C
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Sun, 14 Nov 2021 19:49:54 +0000 (UTC)
	(envelope-from madpilot@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Hsjb61nssz3K1M;
	Sun, 14 Nov 2021 19:49:54 +0000 (UTC)
	(envelope-from madpilot@FreeBSD.org)
Received: from [172.24.42.21] (host-79-51-17-182.retail.telecomitalia.it [79.51.17.182])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client did not present a certificate)
	(Authenticated sender: madpilot/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id A72D2B730;
	Sun, 14 Nov 2021 19:49:53 +0000 (UTC)
	(envelope-from madpilot@FreeBSD.org)
Message-ID: <e501cb86-9183-af4f-600f-c0fbe91c9c87@FreeBSD.org>
Date: Sun, 14 Nov 2021 20:49:52 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:91.0) Gecko/20100101
 Thunderbird/91.3.1
Subject: Re: Adding functionality to a port
Content-Language: en-US
To: Rob LA LAU <freebsd@ohreally.nl>, Kurt Jaeger <pi@freebsd.org>
Cc: "freebsd-ports@FreeBSD.org" <freebsd-ports@FreeBSD.org>
References: <4ca51765-b556-3f12-5809-5aadbf6dccca@ohreally.nl>
 <YZEskkPi2+cX9hrZ@home.opsec.eu>
 <480b44f5-0674-e645-8413-a1a368cfc393@ohreally.nl>
 <YZExLlXP3uEjrvyF@fc.opsec.eu>
 <fb5e514d-1458-9b49-1882-b64d5386cdfa@madpilot.net>
 <YZFGCoblQOHPnPWe@fc.opsec.eu>
 <e07b5a48-3465-c92b-ee4b-f2fc91e0202f@madpilot.net>
 <YZFXby/ktthO9Khx@fc.opsec.eu>
 <bc50a61a-1341-0c70-c427-f1717e2d871a@FreeBSD.org>
 <c23b8f2e-a2c5-a8e4-1fdd-db2b62404651@ohreally.nl>
From: Guido Falsi <madpilot@FreeBSD.org>
In-Reply-To: <c23b8f2e-a2c5-a8e4-1fdd-db2b62404651@ohreally.nl>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-ThisMailContainsUnwantedMimeParts: N

On 14/11/21 20:32, Rob LA LAU wrote:
> And hi again,
> 
> On 14/11/2021 19:42, Guido Falsi wrote:
>  > IN fact I would very astonished if some port (say firefox for 
> example) started behaving very differently than it does on other OSes 
> for no good technical reason.
> 
> True.
> But what if we're not talking about 'behaving very differently'. How 
> about we patch a browser to send the user's passwords to a server we 
> own, while - apart from that - the browser continues to work as expected?
> 

I'd argue that adding such a behaviour is a significant change in behaviour.

Apart from that such a change would be criminal in most jurisdictions 
too. And I'd add that the juridical system would simply persecute 
whoever owns the server the information is being sent too.

My opinion about allowed changes is also guided by avoiding this kind of 
risks.

>  > OTOH a valid technical reason could be dropping some functionality 
> depending on some API not available on FreeBSD, just to make an example 
> from the top of my head. >
> Dropping something because it is impossible to implement is different. 
> Sometimes you don't have a choice.

Exactly, so an acceptable change.

> My initial question was about a script that was added by the port 
> maintainer, which is not quite the same. Patching software to log 
> keystrokes, or to open a backdoor is also different.

I did not reply directly to your original question because I don't have 
a final solution.

You talk about "adding a periodic script". That is not even a real 
modification to the upstream software IMHO. Just adding some glue code 
for FreeBSD. If the script does what it advertises, and has no malicious 
intent I see nothing wrong with it. If it is broken fixing it is the 
logical thing to do.

Again, this is my personal opinion though.

> Clearly you can't solve all these problems by creating some guidelines 
> and rules. But I don't think that a serious software project can 
> continue without rules. Just like we need passwords and keys.
> 
> And preferably those rules would be very clear and simple, so that the 
> compliance can be verified (largely) in an automated fashion.
Being a son of two lawyers, and having a lot of friends who are lawyers, 
and also clients who are law firms, my informed (by having had a lot of 
arguments with all these people about this very subject) opinion is that 
there is no such thing in the world as a "clear and simple" set of rules.

I think I could simplify this in an aphorism like this:

About rules and laws: Simple, clear and useful, you can't have all 
three, pick two.

-- 
Guido Falsi <madpilot@FreeBSD.org>