Date: Wed, 17 May 2000 12:49:45 -0500 From: Ade Lovett <ade@FreeBSD.org> To: Alexander Langer <alex@big.endian.de> Cc: freebsd-ports@FreeBSD.ORG Subject: Re: ports/10634 Message-ID: <20000517124945.N2742@lovett.com> In-Reply-To: <20000517194132.A20572@cichlids.cichlids.com>; from alex@big.endian.de on Wed, May 17, 2000 at 07:41:32PM %2B0200 References: <200005171728.KAA60889@freefall.freebsd.org> <20000517194132.A20572@cichlids.cichlids.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 17, 2000 at 07:41:32PM +0200, Alexander Langer wrote: > No. setuid uucp exploits aren't quite important on most boxes. > Even less, if you can trust your users. Well, IMO, if we have any port that has security holes in it of any kind, we mark it BROKEN/FORBIDDEN/whatever. The software author and port maintainer should then have a set period of time (say 3 months), to come up with a suitable fix. If none is found, the port is removed from the tree (we can always bring it back later if it does get finally fixed). As the number of ports grows, we should not let the quality drop. If anything, we should perhaps be more stringent. As far as this port goes, I've said my piece. I have better things to do with my time than argue round in circles over the relative merits of different types of exploits. They're all bad. Period. -aDe -- Ade Lovett, Austin, TX. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000517124945.N2742>