Date: Mon, 23 Jun 2003 11:05:24 +0100
From: Paul Robinson <paul@iconoplex.co.uk>
To: Colin Percival <colin.percival@wadham.ox.ac.uk>, chat@FreeBSD.org
Subject: Re: Cryptographically enabled ports tree.
Message-ID: <20030623100524.GI15584@iconoplex.co.uk>
In-Reply-To: <20030622033625.GA60460@HAL9000.homeunix.com>
References: <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca>
 <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>
 <20030621163835.GA18653@tulip.epweb.co.za>
 <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>
 <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca>
 <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca>
 <20030622033625.GA60460@HAL9000.homeunix.com>

On Sat, Jun 21, 2003 at 08:36:25PM -0700, David Schultz wrote:
> I don't see why people need to update their ports tree more often than
> once a release.

Perhaps, because they don't want to run out of date software? This ties in rather nicely in places with the packages discussion over on -hackers, but in essence, people should be able to keep their software patched and secure as easily as possible.

Would you rather be running an apache server where the MD5 checked, but it's not cryptographically signed OR would you rather run one which is crypto-signed but has a remote root exploit in it?

Paranoia is all well and good, but it's no replacement for common sense.

--
Paul Robinson
