From owner-freebsd-ports@FreeBSD.ORG Mon May 28 18:39:15 2012 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9B75F106571D for ; Mon, 28 May 2012 18:39:15 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by mx1.freebsd.org (Postfix) with ESMTP id 1E8FE8FC16 for ; Mon, 28 May 2012 18:39:14 +0000 (UTC) Received: by wibhn6 with SMTP id hn6so1535809wib.13 for ; Mon, 28 May 2012 11:39:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=bD6GMW8ipCQ9EBQJC7rsCxzVxgvaeqpqXRbgJDISr0s=; b=c3cJ1reuz+Dif9Et5ZLochIs++nKFUM8pasldj/t2SIneLexFvYginbsAWq+tHPdlQ BXaf59k+5HjaTdczuK044Gks7dhW/SLs+jwUy2ubZ1thilBk6k0d5jQIoc+SuLzPG24d L6YSeI6ZleXCyaRpEFhmi7vn5tfuiKREB4tsE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=bD6GMW8ipCQ9EBQJC7rsCxzVxgvaeqpqXRbgJDISr0s=; b=EwW7AG0ZlVGLCAE8AJTO3Iejc1/Cj+nDhSdBCtceDw/mGQpwNsQl7yU1JAlqCyialn /te8NoREEBRj+brHiOaipigxShK/thMQLWYNZ3AKU+1UpIch9/U84273V7rPiL/fw5Cd 4lkwbmq/RpyEM2MOg0lixHcQGYylz3c7QBsafOPXSSZP9h9q6xIO0SF1OJ6P1F9wt9eR VD7g6hr3GqtcUnKMFo3s36xiK3yuNxfAo4H7j1+QH1ETDSJ0qV6BXn0OInpDmvgmSjhs 5rheVy+0XEDEVHZ9OznlWrDY08ib3W5rrWA8r6BOODze1BkNEd5IqnRcdicQ9HbL7ki/ pqUA== Received: by 10.216.204.88 with SMTP id g66mr5308777weo.79.1338230353708; Mon, 28 May 2012 11:39:13 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.85.202 with HTTP; Mon, 28 May 2012 11:38:43 -0700 (PDT) In-Reply-To: <4FC3B293.6090701@missouri.edu> References: <4FC3B293.6090701@missouri.edu> From: Eitan Adler Date: Mon, 28 May 2012 11:38:43 -0700 Message-ID: To: Stephen Montgomery-Smith Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Gm-Message-State: ALoCoQmHJsOwjGBb/NZtib1u8FJ6LAhsMOUXHAVt0oBW5NVPvpceXMuA5/m9bAzFgd3hKeoyWn9R Cc: ports-security@freebsd.org, freebsd-ports@freebsd.org Subject: Re: math/sage security risk X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 May 2012 18:39:15 -0000 On 28 May 2012 10:14, Stephen Montgomery-Smith wrote= : > After my recent conversations about creating a print/texlive-install port= , I > realize that my math/sage port might have a security risk. =C2=A0This onl= y > happens if the user selects additional optional packages. =C2=A0But the o= ptional > packages are downloaded post-fetch. > > I'll make some immediate band-aid changes to the port to switch this off, > but I'll think through the issue in the days to come. adding ports-security to cc so we could track the issue --=20 Eitan Adler