From owner-freebsd-security  Mon Oct 18 11:20:47 1999
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id C8FE515130
	for <freebsd-security@FreeBSD.ORG>; Mon, 18 Oct 1999 11:20:44 -0700 (PDT)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id LAA31980;
	Mon, 18 Oct 1999 11:20:38 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda31978; Mon Oct 18 11:20:36 1999
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.9.3/8.9.1) id LAA07462;
	Mon, 18 Oct 1999 11:20:35 -0700 (PDT)
Message-Id: <199910181820.LAA07462@passer.osg.gov.bc.ca>
Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca"
 via SMTP by localhost.osg.gov.bc.ca, id smtpdhc7454; Mon Oct 18 11:20:31 1999
X-Mailer: exmh version 2.1.0 09/18/1999
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-OS: FreeBSD 3.3-RELEASE
X-Sender: cschuber
To: David G Andersen <danderse@cs.utah.edu>
Cc: jdn@acp.qiv.com (Jay Nelson), Cy.Schubert@uumail.gov.bc.ca,
	jwyatt@rwsystems.net, glewis@trc.adelaide.edu.au,
	freebsd-security@FreeBSD.ORG
Subject: Re: FreeSSH 
In-reply-to: Your message of "Sun, 17 Oct 1999 11:39:10 MDT."
             <199910171739.LAA21629@faith.cs.utah.edu> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 18 Oct 1999 11:20:31 -0700
From: Cy Schubert <cschuber@uumail.gov.bc.ca>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199910171739.LAA21629@faith.cs.utah.edu>, David G Andersen 
writes:
> Given that it may take a lot of re-engineering to change the build process
> to not install the packages in the first place, what if we changed the
> installation to create a "virtual" package entry for them, so that 
> an interested sysadmin could then use pkg_delete to nuke the components of
> the package?  It would be easy enough to generate the packing list at
> compile time, and then stuff it in a known location at build time.
> 
> This wouldn't save download time or initial space, but it *would*
> help make the security goal easier, from my point of view.

In other words do what ports do currently.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC            
                      "e**(i*pi)+1=0"




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message