Date: Mon, 5 May 2003 12:31:22 +0700 From: Alexey Dokuchaev <danfe@nsu.ru> To: Kris Kennaway <kris@obsecurity.org> Cc: Mark Murray <mark@grondar.org> Subject: Re: cvs commit: src/release Makefile src/release/scripts crypto-install.sh Message-ID: <20030505053122.GA13833@regency.nsu.ru> In-Reply-To: <20030430200008.GA85160@rot13.obsecurity.org> References: <20030430194402.GB84924@rot13.obsecurity.org> <200304301952.h3UJqiQL016860@grimreaper.grondar.org> <20030430200008.GA85160@rot13.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 30, 2003 at 01:00:09PM -0700, Kris Kennaway wrote: > On Wed, Apr 30, 2003 at 08:52:44PM +0100, Mark Murray wrote: > > Kris Kennaway writes: > > > > It will be a box on-the side. > > > > > > I don't understand this sentence. > > > > Sorry. :-). > > > > It is just extra commands to type. Nothing invasive. > > > > > > Simplifies installations, and if folks > > > > dont want to use the applets, they won't have to. > > > > > > But they are still there, and having a bunch of kerberos stuff > > > installed by default (as crypto is) is an additional security hazard > > > to the system. > > > > How is having the kerberos tools hazardous? > > For example, there's been at least one security vulnerability in k5su > over the past year (two if you count the different security policy > behaviour). > > The bottom line here is that most people will never use kerberos, so > installing it by default is an unnecessary security risk, and > contributes to bloat. I don't understand why this change needed to be > made; everything seemed to work fine having k5 in a separate > distribution (the makefile logic was all correct, etc). Seconded here; I'd rather have things going along the old way. ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030505053122.GA13833>