From: Clement Laforet
To: Kris Kennaway
Cc: security-team@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Date: Sat, 21 Feb 2004 21:02:44 +0100
Subject: Re: cvs commit: ports/net/delegate Makefile distinfo pkg-message pkg-plist
Message-Id: <20040221210244.23d7fa99.clement@FreeBSD.org>
In-Reply-To: <20040221193617.GB50771@xor.obsecurity.org>

On Sat, 21 Feb 2004 11:36:17 -0800
Kris Kennaway wrote:

> When I audited this software and added the warning, I concluded that
> delegate was fundamentally insecure from the ground up and could not
> be fixed just by patching a few things. How has this changed, and who
> has audited the new software to verify it?

Which version did you audit? Changes in 8.x fixed most of the lacks of security in protocol implementations. Since advisories are 4 years old (and currently, except for misconfiguration, there are few risks), I thought it was reasonable to remove warnings.
If you still consider that this software is insecure by concept, I can re-add them, but I wonder why you don't add the same to sendmail, bind or whatever port which got several advisories due to bad conception.

clem