From owner-freebsd-ports@FreeBSD.ORG Sun Aug 26 18:58:14 2012 Return-Path: Delivered-To: ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E41E51065670; Sun, 26 Aug 2012 18:58:14 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A85A18FC12; Sun, 26 Aug 2012 18:58:14 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q7QIwErI049363; Sun, 26 Aug 2012 18:58:14 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q7QIwDCJ049362; Sun, 26 Aug 2012 18:58:13 GMT (envelope-from bapt@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f Date: Sun, 26 Aug 2012 20:58:11 +0200 From: Baptiste Daroussin To: Doug Barton Message-ID: <20120826185810.GB42842@ithaqua.etoilebsd.net> References: <97612B57-1255-4BB3-A6D3-FC74324C6D67@FreeBSD.org> <20120824081543.GB2998@ithaqua.etoilebsd.net> <50380269.6020003@FreeBSD.org> <20120825000148.GF37867@ithaqua.etoilebsd.net> <50396113.3080607@cyberleo.net> <20120826122649.GA8995@stack.nl> <20120826125846.GD37534@ithaqua.etoilebsd.net> <503A6D4B.9070606@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="b5gNqxB1S1yM7hjW" Content-Disposition: inline In-Reply-To: <503A6D4B.9070606@FreeBSD.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: CyberLeo Kitsana , ports@FreeBSD.org, current@FreeBSD.org, Jilles Tjoelker , Steve Wills Subject: Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Aug 2012 18:58:15 -0000 --b5gNqxB1S1yM7hjW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote: > On 08/26/2012 05:58, Baptiste Daroussin wrote: >=20 > > The is the longer plan but this with also true with pkg_add -r, and the= pkg > > bootstrap may it be pkg-bootstrap or /usr/sbin/pkg. We have been discus= sing with > > Security officers and we are waiting for the plan being written and set= up by > > them, so we can improved security in both pkgng and the bootstrap. This= should > > have happen in BSDCan, but lack of time from everyone, didn't made it h= appen, we > > are now aiming at Cambridge DevSummit for that. >=20 > It would be nice if this were in place before 10-current shifted to pkg > by default in order to limit the number of times that we have to start > testing over from scratch. >=20 > > Given that such a security issue is already in with the current pkg_* t= ools, it > > was accepting that we can still go that way until the policy is written= , given > > that the final goal is to have the pkgng package checked against a sign= ature. >=20 > This isn't the security issue I was talking about by having sbin/pkg > pass every command line to local/sbin/pkg. >=20 > You keep saying that you have no objections to changing the name. I am > asking you to do that. I don't care if it is pkg-bootstrap or something > else you like better. But please change the name to not be pkg, and > limit the functionality of the tool to bootstrapping the pkg package. >=20 I received more feedback about keep pkg and changing it to pkg-bootstrap, so what should I do, changing it because you are asking for = it? regards, Bapt --b5gNqxB1S1yM7hjW Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlA6ccIACgkQ8kTtMUmk6Ey+JgCeOBqntL58TvOm3ouTgKL9Rv2v B6oAn3jxzQQsbf4gha+0JLI6+eXZbfvM =9OiR -----END PGP SIGNATURE----- --b5gNqxB1S1yM7hjW--