From owner-freebsd-arch Tue Jun 27 13: 7:30 2000 Delivered-To: freebsd-arch@freebsd.org Received: from dt052n3e.san.rr.com (dt052n3e.san.rr.com [204.210.33.62]) by hub.freebsd.org (Postfix) with ESMTP id 0C63C37B642; Tue, 27 Jun 2000 13:07:26 -0700 (PDT) (envelope-from Doug@gorean.org) Received: from slave (doug@slave [10.0.0.1]) by dt052n3e.san.rr.com (8.9.3/8.9.3) with ESMTP id NAA26616; Tue, 27 Jun 2000 13:07:07 -0700 (PDT) (envelope-from Doug@gorean.org) Date: Tue, 27 Jun 2000 13:07:07 -0700 (PDT) From: Doug Barton X-Sender: doug@dt052n3e.san.rr.com To: Warner Losh Cc: papowell@astart.com, nik@FreeBSD.ORG, arch@FreeBSD.ORG Subject: Re: Bringing LPRng into FreeBSD? In-Reply-To: <200006271754.LAA47455@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 27 Jun 2000, Warner Losh wrote: > In message <3958D9DC.DA75504E@gorean.org> Doug Barton writes: > : A point which I readily concede. My question is, should we be working > : to make it more free, or adding more software that makes it less free? > > You have this point. Wha, thank you saaaahhh :) > I've spent about 50 hours looking at relatively simple patches to > lpr/lpd to make sure they had no security implications. Turns out > they did and it wasn't obvious at first. I guess that's my motivator. *Nod* I had a feeling that part of your motivation came from your security officer hat, but I wouldn't have pointed that out if you hadn't volunteered it. > : I can't comment authoritatively on this, except to say that we do have > : volunteers willing (and apparently able) to hack on what we have. I > : would like to see them have the opportunity. > > Yes. And 3/4 of the tmie I get patches, I have to reject them because > they introduce an inintended side effect that generally has security > implications. That's why you 'da man! :) The more I learn about C, and trying to make unix apps secure the more amazed I get. If I may, I think that while on the one hand having someone else responsible for the "maintenance" of the lp* code relieve some of this burden, at the same time it introduces a number of new ones. I'm not qualified to say whether there is a profit on either side of the equation (that's really your call) but we're not eliminating a class of problems, just substituting them. > : You have left out the philosophical point. I think it's obvious that > : you don't see that as important (or important enough), but there are > : some of us who do. Perhaps in the end that's not enough of a reason to > : keep it out. I just personally feel that this would be a move in the > : wrong direction. > > I actually had missed that point in my zeal. Yeah, thence my surprise. This is one of the problems with the GNU philosophy... it all _sounds_ like a good idea, till you read the fine print. I remember when I first started looking at that stuff, back in my OS/2 days. Even the name is clever, "Artistic License." That's good stuff. Although I have to say, "General Public Virus/GPV" is the funniest software-related thing I've heard in a while... Doug -- "Live free or die" - State motto of my ancestral homeland, New Hampshire Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message