From owner-freebsd-ports Thu Jul 16 08:35:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA26969 for freebsd-ports-outgoing; Thu, 16 Jul 1998 08:35:44 -0700 (PDT) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from ady.warpnet.ro (ady.warpnet.ro [193.230.201.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA26936 for ; Thu, 16 Jul 1998 08:35:07 -0700 (PDT) (envelope-from ady@warpnet.ro) Received: from localhost (ady@localhost) by ady.warpnet.ro (8.8.8/8.8.8) with SMTP id SAA03116; Thu, 16 Jul 1998 18:32:44 +0300 (EEST) (envelope-from ady@warpnet.ro) Date: Thu, 16 Jul 1998 18:32:44 +0300 (EEST) From: Adrian Penisoara To: Steve Price cc: Matt Behrens , imap-uw@freebsd.ady.ro, FreeBSD ports Subject: Re: imap-uw security hole -- please update port In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, On Thu, 16 Jul 1998, Steve Price wrote: > Hey, I won't worry if Matt doesn't. :) If we don't install I'd still worry if Matty was happy and the sources were security-compromising... :) > the imap tools does that satisfy your requirements Matt or > are you expecting them to be installed as part of pine4? Pine 3.96 & Pine 4.00 install only c-client library, pico (the Editor), Pilot (the file Browser) and Pine (the MUA); I believe this is what the average user expects -- if someone wants the mail daemons (ipop2d, ipop3d, imapd) then they will happily be served by the imap-uw port :) > If so, would a *_DEPENDS on the imap-uw port work? Of > course its build/install would have to be conditionalized > appropriately first of course. That wouldn't be necessary (if the POP/IMAP dameons build was expected) -- Pine 4.00 source tarball comes with the sources for these dameons already, *_DEPENDS should be used only to force using imap-uw's sources instead what the pine port has; but I do repeat: the user doesn't/shouldn't expect the port to install anything else but what they come for and that's the Pine binaries; if they want the mail daemons they should go for imap-uw... What's your opinion, Matt ? > > Just out of curiousity why isn't the imap-uw port afflicted > by the same security problems mentioned on BUGTRAQ? I believe this is because only the newly released Pine 4.00 source tarball has the latest sources wich have that security bug -- but this is just a supposition, it must be verified ! And about that, could you dig up a bit more and tell me what exactly is this security compromise about or where can I find more about it, Matt ? Thanks ! > > Steve > > On Thu, 16 Jul 1998, Adrian Penisoara wrote: > Ady (@freebsd.ady.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message