From: Michael Bryan
Date: Sat, 30 Sep 2000 16:06:01 -0700
To: freebsd-security@freebsd.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <39D671D9.62E7148B@ursine.com>

Warner Losh wrote:
>
> Maybe we need a category that is "This program may be insecure, set
> INSECURE_OK in your /etc/make.conf if you don't have a problem with
> that" for ports.

I don't like the idea of a setting that gets set once, then allows all
insecure ports to get installed without additional user confirmation.
I'd much prefer an implementation that provided the following
functionality:

1) By default, will not install a particular port if it is marked
   as potentially dangerous, but will instead provide a warning
   to the user/installer.

2) The user can do an override for that particular port to go ahead
   and install it anyway. That override must not carry over to other
   insecure ports, and it probably should not carry over to future
   re-installs of the same port. (In other words, each and every
   time you go to build/install an insecure port, you have to do
   something to override the default lockout.)

That way, the admin/user gets reminded of the potential danger at every reasonable point.
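
An added example, not part of the original message and not code from the FreeBSD ports tree: one way the two requirements above could behave, written as a small shell gate. The port names, the flag list and the ALLOW_INSECURE_PORT variable are hypothetical.

```shell
#!/bin/sh
# Added illustration of a per-port, per-build override.
# Port names, the flag list and ALLOW_INSECURE_PORT are hypothetical.

# Constructed sample data: "port:reason" for ports marked potentially dangerous.
INSECURE_PORTS='mail/example-mua:flagged by security review
net/example-daemon:flagged by security review'

# Print the reason if PORT ($1) is flagged; print nothing otherwise.
insecure_reason() {
    printf '%s\n' "$INSECURE_PORTS" | while IFS=: read -r name why; do
        if [ "$name" = "$1" ]; then printf '%s\n' "$why"; break; fi
    done
}

# decide_port PORT OVERRIDE
#   OVERRIDE is whatever the user supplied for this one build (may be empty).
#   Prints the decision on stdout; returns 0 to build, 1 to refuse.
decide_port() {
    port=$1
    override=$2
    reason=$(insecure_reason "$port")
    if [ -z "$reason" ]; then
        echo build                      # not flagged: no gate
        return 0
    fi
    # Only an override naming exactly this port counts. A blanket value
    # ("yes", "*") or another port's name does not carry over.
    if [ "$override" = "$port" ]; then
        echo "WARNING: building $port despite: $reason" >&2
        echo build-overridden
        return 0
    fi
    echo "REFUSED: $port is marked potentially dangerous: $reason" >&2
    echo "Re-run with ALLOW_INSECURE_PORT=$port to build it this once." >&2
    echo refuse
    return 1
}

# Demo: the override is read from the environment of this run only and is
# never written anywhere, so the next build of the same port is gated again.
for p in editors/example-editor mail/example-mua net/example-daemon; do
    printf '%s -> ' "$p"
    decide_port "$p" "${ALLOW_INSECURE_PORT:-}" || true
done
```

Running it as `ALLOW_INSECURE_PORT=mail/example-mua sh gate.sh` lets that one port through while net/example-daemon is still refused.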