From owner-freebsd-security Sat Sep 30 14:33:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5CE6E37B502 for ; Sat, 30 Sep 2000 14:33:44 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id PAA27338; Sat, 30 Sep 2000 15:33:42 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA13677; Sat, 30 Sep 2000 15:33:41 -0600 (MDT) Message-Id: <200009302133.PAA13677@harmony.village.org> To: Cy Schubert - ITSD Open Systems Group Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: Adam Laurie , security@FreeBSD.ORG In-reply-to: Your message of "Sat, 30 Sep 2000 07:04:49 PDT." <200009301404.e8UE4xU64460@cwsys.cwsent.com> References: <200009301404.e8UE4xU64460@cwsys.cwsent.com> Date: Sat, 30 Sep 2000 15:33:41 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <200009301404.e8UE4xU64460@cwsys.cwsent.com> Cy Schubert - ITSD Open Systems Group writes: : miserably. My first impression when this happened was that I had a : sense that we had a double standard. The programs that you wanted to remove also implemented a secure protocol with Kerberos. That's why they weren't removed. They are also 1000 times more widely used than even Pine is. It would take some intellegent hacking to make it so that they would only use the secure protocol, or that you had to explicitly request the insecure one. No one has done this hacking yet. If they were less useful, less widely deployed, then maybe we could get away with deleting them completely. Sadly, they aren't, so we can't. PINE, on the other hand, is just a mail agent. It should be flagged as being dangerous and people need to jump through hoops to install it. Finally, we did kill setuidperl a while back, did we not? Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message