From owner-cvs-ports@FreeBSD.ORG  Sun Jan 29 09:26:14 2012
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 96E11106564A;
	Sun, 29 Jan 2012 09:26:14 +0000 (UTC) (envelope-from arved@arved.at)
Received: from gazoz.arved.priv.at (cl-1383.ham-01.de.sixxs.net
	[IPv6:2001:6f8:900:566::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 1F6108FC0A;
	Sun, 29 Jan 2012 09:26:13 +0000 (UTC)
Received: from inek.arved.priv.at (inek-gif0.arved.priv.at
	[IPv6:2001:6f8:13fb::2])
	by gazoz.arved.priv.at (8.14.4/8.14.4) with ESMTP id q0T9QCr7096495;
	Sun, 29 Jan 2012 10:26:12 +0100 (CET) (envelope-from arved@arved.at)
Received: from elma.arved.priv.at (elma.arved.priv.at
	[IPv6:2001:6f8:13fb:3:21b:63ff:fe04:1687] (may be forged))
	by inek.arved.priv.at (8.14.5/8.14.5) with ESMTP id q0T9Q5Mi016901;
	Sun, 29 Jan 2012 10:26:11 +0100 (CET) (envelope-from arved@arved.at)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=iso-8859-1
From: =?iso-8859-1?Q?Tilman_Keskin=F6z?= <arved@arved.at>
In-Reply-To: <4F244B0F.6050404@p6m7g8.com>
Date: Sun, 29 Jan 2012 10:26:05 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <B7730587-5921-428E-B0EC-2EF07FE1EAB1@arved.at>
References: <20111220051102.75CA6106574D@hub.freebsd.org>
	<4F22C453.9090107@arved.at> <4F22E142.4050706@p6m7g8.com>
	<8207A9DD-92C6-4CA5-846C-4B424843BA03@arved.at>
	<4F244B0F.6050404@p6m7g8.com>
To: "Philip M. Gollucci" <pgollucci@taximagic.com>
X-Mailer: Apple Mail (2.1084)
Cc: cvs-ports@FreeBSD.org, freebsd-ports@FreeBSD.org, cvs-all@FreeBSD.org,
	"Philip M. M. Gollucci" <pgollucci@gmail.com>, ports-committers@FreeBSD.org
Subject: Re: [ports] cvs commit: ports/devel/rubygem-daemons Makefile
	distinfo
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jan 2012 09:26:14 -0000


On Jan 28, 2012, at 20:22 , Philip M. Gollucci wrote:

> On 1/28/12 1:52 AM, Tilman Keskin=F6z wrote:
>> If there is no reason, the port should be either fixed, or the commit =
backed out!
> This is not a unique problem among gems.  Lots of them screw up umasks =
on install.  Some too restrictive, some overly lax.

The committer committing the patch is responsible for testing the port =
for screw ups.

No port should install world-writable scripts or executables. This is a =
security issue. Again i ask you to fix the port or backout your commit.

In the old days, Kris processed the pointyhat logs for these issues[1]. =
Maybe someone with access to the pointyhat logs can do this again?

Also how about introducing a Makefile variable "WORLDWRITABLE_FILES" for =
the highscore files and aborting the install if a file is not mentioned =
in this variable.

[1] e.g. =
http://lists.freebsd.org/pipermail/freebsd-ports/2006-September/035115.htm=
l=