From owner-cvs-all@FreeBSD.ORG Sun May 4 22:32:09 2003 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 87D1337B401; Sun, 4 May 2003 22:32:09 -0700 (PDT) Received: from mx.nsu.ru (mx.nsu.ru [212.192.164.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id D91A143FBD; Sun, 4 May 2003 22:32:07 -0700 (PDT) (envelope-from danfe@regency.nsu.ru) Received: from mail by mx.nsu.ru with drweb-scanned (Exim 3.36 #1 (Debian)) id 19CYZt-0002nf-00; Mon, 05 May 2003 12:31:53 +0700 Received: from regency.nsu.ru ([193.124.210.26]) by mx.nsu.ru with esmtp (Exim 3.36 #1 (Debian)) id 19CYZg-0002m3-00; Mon, 05 May 2003 12:31:40 +0700 Received: from regency.nsu.ru (localhost [127.0.0.1]) by regency.nsu.ru (8.12.8/8.12.8) with ESMTP id h455VQZl014311; Mon, 5 May 2003 12:31:26 +0700 (NOVST) (envelope-from danfe@regency.nsu.ru) Received: (from danfe@localhost) by regency.nsu.ru (8.12.8/8.12.8/Submit) id h455VM0k014309; Mon, 5 May 2003 12:31:22 +0700 (NOVST) Date: Mon, 5 May 2003 12:31:22 +0700 From: Alexey Dokuchaev To: Kris Kennaway Message-ID: <20030505053122.GA13833@regency.nsu.ru> References: <20030430194402.GB84924@rot13.obsecurity.org> <200304301952.h3UJqiQL016860@grimreaper.grondar.org> <20030430200008.GA85160@rot13.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030430200008.GA85160@rot13.obsecurity.org> User-Agent: Mutt/1.4i X-Envelope-To: kris@obsecurity.org, mark@grondar.org, cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.11.1.4 X-Spam-Status: No, hits=-134.0 required=5.0 tests=BOGOFILTER_TEST_PASS,EMAIL_ATTRIBUTION,IN_REP_TO, QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES, USER_AGENT_MUTT,USER_IN_WHITELIST version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: cvs-src@freebsd.org cc: src-committers@freebsd.org cc: cvs-all@freebsd.org cc: Mark Murray Subject: Re: cvs commit: src/release Makefile src/release/scripts crypto-install.sh X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 May 2003 05:32:09 -0000 On Wed, Apr 30, 2003 at 01:00:09PM -0700, Kris Kennaway wrote: > On Wed, Apr 30, 2003 at 08:52:44PM +0100, Mark Murray wrote: > > Kris Kennaway writes: > > > > It will be a box on-the side. > > > > > > I don't understand this sentence. > > > > Sorry. :-). > > > > It is just extra commands to type. Nothing invasive. > > > > > > Simplifies installations, and if folks > > > > dont want to use the applets, they won't have to. > > > > > > But they are still there, and having a bunch of kerberos stuff > > > installed by default (as crypto is) is an additional security hazard > > > to the system. > > > > How is having the kerberos tools hazardous? > > For example, there's been at least one security vulnerability in k5su > over the past year (two if you count the different security policy > behaviour). > > The bottom line here is that most people will never use kerberos, so > installing it by default is an unnecessary security risk, and > contributes to bloat. I don't understand why this change needed to be > made; everything seemed to work fine having k5 in a separate > distribution (the makefile logic was all correct, etc). Seconded here; I'd rather have things going along the old way. ./danfe