From owner-freebsd-advocacy  Fri Feb  9 10:14:14 2001
Delivered-To: freebsd-advocacy@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
	by hub.freebsd.org (Postfix) with ESMTP id 6589E37B401
	for <freebsd-advocacy@freebsd.org>; Fri,  9 Feb 2001 10:13:55 -0800 (PST)
Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!)
	by homer.softweyr.com with esmtp (Exim 3.16 #1)
	id 14RICc-0000Jx-00
	for freebsd-advocacy@freebsd.org; Fri, 09 Feb 2001 11:23:26 -0700
Message-ID: <3A84359E.4E8B9864@softweyr.com>
Date: Fri, 09 Feb 2001 11:23:26 -0700
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-advocacy@freebsd.org
Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
References: <200102082016.PAA29933@vws3.interlog.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-advocacy@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Some random moron at vws3.interlog.com wrote:
> 
> II.  Problem Description
> 
> We normally do not assess security when creating the ports distribution
> often allowing anyone to build any program we decide to run in the ports
> directory. Recently we have noticed that we can no longer fool users
> into thinking because we provide checksumming for the programs, that
> they will be secure.
> 
> Unlinke other operating systems and the developers of them who audit
> their ports, we feel it is not our problem if someone accessess your
> system because we're too lazy to do things right the first time.

Which operating systems would this be?

http://www.openbsd.org/ports.html

Take particular not of the first paragraph in RED text, which says:

	The ports & packages collection does NOT go through the 
	thorough security audit that OpenBSD follows. Although we
	strive to keep the quality of the packages collection high, 
	we just do not have enough human resources to ensure the
	same level of robustness and security. 

Don'tcha just love it when our favorite prankster is too stupid to even
effectively joke about the topics he takes on?

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-advocacy" in the body of the message