From owner-freebsd-ports-bugs Fri Feb 14 17:56: 7 2003 Delivered-To: freebsd-ports-bugs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C102937B401; Fri, 14 Feb 2003 17:56:04 -0800 (PST) Received: from fep2.cogeco.net (smtp.cogeco.net [216.221.81.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id E806543FCB; Fri, 14 Feb 2003 17:56:03 -0800 (PST) (envelope-from pnmurphy@cogeco.ca) Received: from earth.upton.net (d141-18-230.home.cgocable.net [24.141.18.230]) by fep2.cogeco.net (Postfix) with SMTP id 0915E7CF9; Fri, 14 Feb 2003 20:58:06 -0500 (EST) Date: Fri, 14 Feb 2003 20:55:55 -0500 From: Paul Murphy To: "Simon 'portlint' Schubert" Cc: markp@FreeBSD.ORG, Yonatan@xpert.com, freebsd-ports-bugs@FreeBSD.ORG, Will Andrews Subject: Re: ports/48132: new port: log keystrokes of remote X servers Message-Id: <20030214205555.7b00f7be.pnmurphy@cogeco.ca> In-Reply-To: <20030214183226.75f1a8cc.corecode@corecode.ath.cx> References: <200302141219.h1ECJwik058765@freefall.freebsd.org> <20030214103226.07ec814b.pnmurphy@cogeco.ca> <20030214183226.75f1a8cc.corecode@corecode.ath.cx> X-Mailer: Sylpheed version 0.8.9claws (GTK+ 1.2.10; i386-portbld-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=.dHPRPsIAAkU5vV" Sender: owner-freebsd-ports-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=.dHPRPsIAAkU5vV Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Fri, 14 Feb 2003 18:32:26 +0100 "Simon 'portlint' Schubert" wrote: > Lately Paul Murphy told: > > > I guess it's a bit late to ask now, but is there any _legitimate_ > > use for this port? If not, do we want to encourage this sort of > > thing? Are ports simply committed because they compile on FreeBSD > > without any consideration at to the ethics of them? > > which ethics? who is to decide upon that? we got security analyzers > and port scanners too. and wow, rm is even in the base system and can > be used by root to delete user's files! > Common sense? Committors? Can xspy only be run as root? Can root rm files on a remote system? On Fri, 14 Feb 2003 10:33:17 -0800 Will Andrews wrote: > > FreeBSD only provides the ports -- ethics policies are a > system/network administrator's responsibility. > "He took water, and washed his hands before the multitude, saying, I am innocent of the blood of this just person; see ye to it." Matt. xxvii:24 > FreeBSD's policy in this respect is and has always been > "tools, not policy". Note that FreeBSD provides things like > airsnort, tcpdump, dsniff, ethereal, and so on. > > Almost any application can be coerced into doing something that > might be considered illegal. So why discriminate among them? > Such discrimination can be legally troublesome. That's why I prefaced my comment with the question 'any _legitimate_ use?'. Port scanners, tcpdump, ethereal (and even rm) have uses for debugging and security audits (I don't know about the others). I can only think xspy would be used for sniffing passwords. If a port were proposed that _actually_ did something illegal, under the above 'policies' it would have to be committed. I am just wondering if there is 'a line', who judges it, and what it takes to cross it. I think there is (should be) and the committors have (should have) some responsibility for it. If there is no other use for xspy than sniffing others' privacy then it has crossed it. p.s. To the developer of xspy, I apologize, I am not particularly picking on this port. It was just the one that brought these questions to mind. -- Cogeco ergo sum --=.dHPRPsIAAkU5vV Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+TZ4yTv5Mxsi/WPMRAs9sAJ9B3X8NC3eFJt2oiixPjFSKanGm9ACgmQ3h 68c1cpe+NR6ypbavMBMOVnA= =mONj -----END PGP SIGNATURE----- --=.dHPRPsIAAkU5vV-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message