Date: Sat, 30 Sep 2000 15:33:41 -0600 From: Warner Losh <imp@village.org> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Adam Laurie <adam@algroup.co.uk>, security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <200009302133.PAA13677@harmony.village.org> In-Reply-To: Your message of "Sat, 30 Sep 2000 07:04:49 PDT." <200009301404.e8UE4xU64460@cwsys.cwsent.com> References: <200009301404.e8UE4xU64460@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200009301404.e8UE4xU64460@cwsys.cwsent.com> Cy Schubert - ITSD Open Systems Group writes: : miserably. My first impression when this happened was that I had a : sense that we had a double standard. The programs that you wanted to remove also implemented a secure protocol with Kerberos. That's why they weren't removed. They are also 1000 times more widely used than even Pine is. It would take some intellegent hacking to make it so that they would only use the secure protocol, or that you had to explicitly request the insecure one. No one has done this hacking yet. If they were less useful, less widely deployed, then maybe we could get away with deleting them completely. Sadly, they aren't, so we can't. PINE, on the other hand, is just a mail agent. It should be flagged as being dangerous and people need to jump through hoops to install it. Finally, we did kill setuidperl a while back, did we not? Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009302133.PAA13677>