Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 26 Aug 2012 11:39:07 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        Baptiste Daroussin <bapt@FreeBSD.org>
Cc:        CyberLeo Kitsana <cyberleo@cyberleo.net>, ports@FreeBSD.org, current@FreeBSD.org, Jilles Tjoelker <jilles@stack.nl>, Steve Wills <swills@FreeBSD.org>
Subject:   Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap
Message-ID:  <503A6D4B.9070606@FreeBSD.org>
In-Reply-To: <20120826125846.GD37534@ithaqua.etoilebsd.net>
References:  <97612B57-1255-4BB3-A6D3-FC74324C6D67@FreeBSD.org> <20120824081543.GB2998@ithaqua.etoilebsd.net> <50380269.6020003@FreeBSD.org> <20120825000148.GF37867@ithaqua.etoilebsd.net> <50396113.3080607@cyberleo.net> <20120826122649.GA8995@stack.nl> <20120826125846.GD37534@ithaqua.etoilebsd.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 08/26/2012 05:58, Baptiste Daroussin wrote:

> The is the longer plan but this with also true with pkg_add -r, and the pkg
> bootstrap may it be pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
> Security officers and we are waiting for the plan being written and setup by
> them, so we can improved security in both pkgng and the bootstrap. This should
> have happen in BSDCan, but lack of time from everyone, didn't made it happen, we
> are now aiming at Cambridge DevSummit for that.

It would be nice if this were in place before 10-current shifted to pkg
by default in order to limit the number of times that we have to start
testing over from scratch.

> Given that such a security issue is already in with the current pkg_* tools, it
> was accepting that we can still go that way until the policy is written, given
> that the final goal is to have the pkgng package checked against a signature.

This isn't the security issue I was talking about by having sbin/pkg
pass every command line to local/sbin/pkg.

You keep saying that you have no objections to changing the name. I am
asking you to do that. I don't care if it is pkg-bootstrap or something
else you like better. But please change the name to not be pkg, and
limit the functionality of the tool to bootstrapping the pkg package.

Doug

-- 

    I am only one, but I am one.  I cannot do everything, but I can do
    something.  And I will not let what I cannot do interfere with what
    I can do.
			-- Edward Everett Hale, (1822 - 1909)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?503A6D4B.9070606>