From: Linh Pham
To: Wes Peters, freebsd-advocacy@freebsd.org
Subject: RE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
Date: Fri, 9 Feb 2001 10:51:13 -0800

I personally think it would take too much manpower and resources to
`audit' each and every port that is produced for each of the BSDs. But
yes, it is quite funny to see a prankster tripping over his/her/its own
ranting :)

-----Original Message-----
From: Wes Peters [mailto:wes@softweyr.com]
Sent: Friday, February 09, 2001 10:23
To: freebsd-advocacy@freebsd.org
Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE

Some random moron at vws3.interlog.com wrote:
>
> II.  Problem Description
>
> We normally do not assess security when creating the ports distribution
> often allowing anyone to build any program we decide to run in the ports
> directory. Recently we have noticed that we can no longer fool users
> into thinking because we provide checksumming for the programs, that
> they will be secure.
>
> Unlike other operating systems and the developers of them who audit
> their ports, we feel it is not our problem if someone accesses your
> system because we're too lazy to do things right the first time.

Which operating systems would this be?

http://www.openbsd.org/ports.html

Take particular note of the first paragraph in RED text, which says:

        The ports & packages collection does NOT go through the
        thorough security audit that OpenBSD follows. Although we
        strive to keep the quality of the packages collection high,
        we just do not have enough human resources to ensure the
        same level of robustness and security.

Don'tcha just love it when our favorite prankster is too stupid to even
effectively joke about the topics he takes on?

--
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                Softweyr LLC
wes@softweyr.com                                  http://softweyr.com/
