From: Michael Nottebrock
To: "Jacques A. Vidrine"
Cc: Michael Nottebrock, cvs-all@freebsd.org, ports-committers@freebsd.org, Will Andrews, cvs-ports@freebsd.org
Date: Fri, 5 Mar 2004 00:58:50 +0100
Subject: Re: cvs commit: ports/audio/arts Makefile
Message-Id: <200403050058.54374.michaelnottebrock@gmx.net>
In-Reply-To: <20040304230002.GD19335@lum.celabo.org>
References: <200402072116.i17LGmkA007339@repoman.freebsd.org> <20040303163111.L55861@volatile.chemikals.org> <20040304230002.GD19335@lum.celabo.org>

On Friday 05 March 2004 00:00, Jacques A. Vidrine wrote:
> On Wed, Mar 03, 2004 at 04:34:11PM -0500, Wesley Morgan wrote:
> > IMO any port that wishes to install a suid binary by default should be
> > required to get approval from the FreeBSD Security Team, and their
> > decisions, not the port maintainers, be final in cases where it is
> > optional.

The problem with that approach is that you cannot really trust a "security
team" more than a port maintainer (or a port maintainer team). A member of
the security team might be more competent than the port maintainer in some
instances, in other instances it might be the other way around. Although I
have been told before that I just don't understand security, I believe you
can't achieve security by trusting in name tags.

> > This in addition to any prominent warnings about suid binaries
> > deemed necessary.

Every port that installs binaries already warns you about them,
automatically, and the daily security run from periodic scans for new
setuid binaries as well.

> I will be very happy to
> see what Michael comes up with for artswrappers, and for myself I intend
> to investigate various X11-related bits that were brought up previously.

Artswrapper will be similar to x11/wrapper.

-- 
   ,_,   | Michael Nottebrock               | lofi@freebsd.org
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org