From owner-freebsd-security Sat Sep 30 16:36: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
    by hub.freebsd.org (Postfix) with ESMTP id 1560737B66D
    for ; Sat, 30 Sep 2000 16:36:00 -0700 (PDT)
Received: (from brdavis@localhost)
    by odin.ac.hmc.edu (8.11.0/8.11.0) id e8UNZtm21276;
    Sat, 30 Sep 2000 16:35:55 -0700
Date: Sat, 30 Sep 2000 16:35:55 -0700
From: Brooks Davis
To: Warner Losh
Cc: Michael Bryan, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930163555.A19473@Odin.AC.HMC.Edu>
References: <39D671D9.62E7148B@ursine.com> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org> <39D671D9.62E7148B@ursine.com> <200009302308.RAA14067@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200009302308.RAA14067@harmony.village.org>; from imp@village.org on Sat, Sep 30, 2000 at 05:08:37PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Sep 30, 2000 at 05:08:37PM -0600, Warner Losh wrote:
> I think that there's a lot of support for this notion (I could be
> wrong). Enough that it would be interesting trying to see how hard it
> would be to come up with an API that is easy to implement in the ports
> system as well as integrate into our package system. It would be a
> fair amount of work, but I think in the long run it would be useful.

I haven't seen any significant objections (though some early thought in
the damage control department for when a well-rated port causes a
problem, as will eventually happen, would be good).

I've got one suggestion though. I'd suggest that the scale be something
like 1-N plus UNKNOWN. The reason being that I can't see any agreement
being forthcoming on how bad a random program off the internet should
be labeled. Some people might want unknown code to default to the level
corresponding to "known root exploits in current version" while others
might consider it a bit more trustworthy than that. A variable in
make.conf could be used to decide what level those should be at.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.