Date:      Mon, 18 Feb 2002 11:19:50 -0800 (PST)
From:      Brian Behlendorf <brian@hyperreal.org>
To:        Miguel Mendez <flynn@energyhq.homeip.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: as they advise the Sponsor.
Message-ID:  <20020218111251.C2156-100000@localhost>
In-Reply-To: <20020218155334.A29845@energyhq.homeip.net>

On Mon, 18 Feb 2002, Miguel Mendez wrote:
> FreeBSD is *not* by any means a mainstream OS. And that means that the
> people who use it usually know what they're doing, at least to the point
> of not executing a file they got from a stranger.

I dunno, I end up doing "make install" in my ports tree or "pkg_add" of a
package as root all the time, in both cases executing code written by
people I've never met and usually don't even know the names of.  I trust
that those who've been given access to the FreeBSD ports tree and package
collections are trusted by the community, FSV of "trusted" and
"community".  I don't have the time to audit all of the code myself - I'm
putting faith in the inherent security of an open process, which has no
guarantees of reliability.

Though this is leagues away from, say, running a random executable I got
via email, I still fear that the biggest threat to the security of my
FreeBSD laptop would be a rogue actor within a trusted circle.  Of course
this is much much better than having to trust one company whose business
interests are to always cover up or minimize the amount of knowledge about
security holes.

This is probably going way off topic.

	Brian



