From owner-freebsd-security Sun Oct 17 11: 7: 0 1999 Delivered-To: freebsd-security@freebsd.org Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id 1206014A2C for ; Sun, 17 Oct 1999 11:06:55 -0700 (PDT) (envelope-from matt@zigg.com) Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id OAA10673; Sun, 17 Oct 1999 14:06:33 -0400 (EDT) (envelope-from matt@zigg.com) Date: Sun, 17 Oct 1999 14:06:32 -0400 (EDT) From: Matt Behrens To: David G Andersen Cc: Jay Nelson , Cy.Schubert@uumail.gov.bc.ca, jwyatt@rwsystems.net, glewis@trc.adelaide.edu.au, freebsd-security@FreeBSD.ORG Subject: Re: FreeSSH In-Reply-To: <199910171739.LAA21629@faith.cs.utah.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 17 Oct 1999, David G Andersen wrote: : Given that it may take a lot of re-engineering to change the build process : to not install the packages in the first place, what if we changed the : installation to create a "virtual" package entry for them, so that : an interested sysadmin could then use pkg_delete to nuke the components of : the package? It would be easy enough to generate the packing list at : compile time, and then stuff it in a known location at build time. : : This wouldn't save download time or initial space, but it *would* : help make the security goal easier, from my point of view. That would probably do pretty well for the initial install, but it unfortunately doesn't address the problem of how to stop make world from happily replacing all of the newly-missing components. It is a neat idea, though. Matt Behrens Owner/Administrator, zigg.com Chief Engineer, Nameless IRC Network To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message