From owner-freebsd-bugs  Fri Jan 28  0:50:30 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from ns11.rim.or.jp (ns11.rim.or.jp [202.247.130.230])
	by hub.freebsd.org (Postfix) with ESMTP
	id F0E23158B2; Fri, 28 Jan 2000 00:50:12 -0800 (PST)
	(envelope-from max@wide.ad.jp)
Received: from rayearth.rim.or.jp (rayearth.rim.or.jp [202.247.130.242]) by ns11.rim.or.jp (8.8.8/3.5Wpl2-ns11/RIMNET-2) with ESMTP
	id RAA26305; Fri, 28 Jan 2000 17:47:36 +0900 (JST)
Received: (from uucp@localhost) by rayearth.rim.or.jp (8.8.8/3.5Wpl2-uucp1/RIMNET) with UUCP
	id RAA10186; Fri, 28 Jan 2000 17:47:36 +0900 (JST)
Received: from fr.aslm.rim.or.jp (fr.aslm.rim.or.jp [192.168.1.2]) by mail.aslm.rim.or.jp (8.9.3/3.5Wpl3-SMTP) with ESMTP id RAA29571; Fri, 28 Jan 2000 17:35:04 +0900 (JST)
Date: Fri, 28 Jan 2000 17:34:36 +0900
Message-ID: <877lgufvc3.wl@fr.aslm.rim.or.jp>
From: Masafumi NAKANE <max@wide.ad.jp>
To: kris@hub.freebsd.org
Cc: serg@dor.zaural.ru, freebsd-security@FreeBSD.org,
	freebsd-bugs@FreeBSD.org
Subject: Re: delegate buffer overflow (ports)
In-Reply-To: In your message of "Fri, 28 Jan 2000 00:07:52 -0800 (PST)"
	<Pine.BSF.4.21.0001280006430.12504-100000@hub.freebsd.org>
References: <200001280739.MAA02652@dor.zaural.ru>
	<Pine.BSF.4.21.0001280006430.12504-100000@hub.freebsd.org>
User-Agent: Wanderlust/2.2.15 (More Than Words) SEMI/1.13.7 (Awazu) FLIM/1.13.2 (Kasanui) Emacs/20.4 (i386--freebsd) MULE/4.0 (HANANOEN)
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I don't personally think it is too good idea to mark any ports
broken/forbidden  because of the security problem since they still are
good in dialup home environment, which I assume there are many users
of.

Instead, I will make this port to ask the user if he/she really wants
to continue the installation with the security information at
``pkg_add'', ``make pre-fetch'' and ``make install'' times.  This
still makes it possible to install the port without answering to the
question when ${BATCH} is set, but that's usually only set in package
building times.

     Cheers,
Max

At Fri, 28 Jan 2000 00:07:52 -0800 (PST),
Kris Kennaway <kris@hub.freebsd.org> wrote:
> Thanks for pointing it out..I'll look into this tomorrow and probably mark
> it FORBIDDEN (BROKEN won't be enough to stop the package building, since
> bento will try it anyway and notice it actually compiles :-)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message