Date:      Sat, 30 Sep 2000 16:06:01 -0700
From:      Michael Bryan <fbsd-security@ursine.com>
To:        freebsd-security@freebsd.org
Subject:   Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID:  <39D671D9.62E7148B@ursine.com>
References:  <008b01c02a71$6b8938c0$d04379a5@p4f0i0>  <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org>


Warner Losh wrote:
> 
> Maybe we need a category that is "This program may be insecure, set
> INSECURE_OK in your /etc/make.conf if you don't have a problem with
> that" for ports.

I don't like the idea of a setting that gets set once, then allows all
insecure ports to get installed without additional user confirmation.
I'd much prefer an implementation that provided the following functionality:

	1) By default, will not install a particular port if it is
	   marked as potentially dangerous, but will instead provide
	   a warning to the user/installer.

	2) The user can do an override for that particular port to go
	   ahead and install it anyway.  That override must not carry
	   over to other insecure ports, and it probably should not
	   carry over to future re-installs of the same port.  (In other
	   words, each and every time you go to build/install an insecure
	   port, you have to do something to override the default lockout.)
	   That way, the admin/user gets reminded of the potential danger
	   at every reasonable point.
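
The lockout behaviour listed in points 1 and 2 above, as an added shell example (not part of the original message and not code from the FreeBSD ports framework). `check_port`, `INSECURE_PORTS` and `ALLOW_INSECURE_PORT` are hypothetical names, and the list of flagged ports is constructed sample data.

```shell
#!/bin/sh
# Hypothetical gate for ports marked as potentially dangerous.
# None of these names exist in the real ports framework.

# Constructed sample data: port origins flagged as potentially dangerous.
INSECURE_PORTS="mail/pine4 net/example-insecure"

# check_port ORIGIN
# Returns 0 if the build/install may proceed, 1 if it is locked out.
check_port() {
    origin=$1

    # Ports that are not flagged build normally.
    case " $INSECURE_PORTS " in
        *" $origin "*) ;;
        *) return 0 ;;
    esac

    # Point 2: the override must name this exact port, so it cannot
    # carry over to any other flagged port.
    if [ "${ALLOW_INSECURE_PORT:-}" = "$origin" ]; then
        # Consume the override: the next build or re-install of the
        # same port is locked out again until the user repeats it.
        unset ALLOW_INSECURE_PORT
        echo "notice: installing $origin despite its insecure marking" >&2
        return 0
    fi

    # Point 1: locked out by default, with a warning to the installer.
    echo "warning: $origin is marked potentially insecure; not installing" >&2
    echo "         set ALLOW_INSECURE_PORT=$origin to override this one time" >&2
    return 1
}
```

Because the override is compared against the port origin and then unset, a value placed once in a shared configuration would not satisfy either requirement; it has to be supplied again for every build.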

