From owner-freebsd-security  Mon Oct  2 10:46:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4185A37B502; Mon,  2 Oct 2000 10:46:10 -0700 (PDT)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id NAA239228;
	Mon, 2 Oct 2000 13:45:48 -0400
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <v04210100b5fe79180dff@[128.113.24.47]>
In-Reply-To: <200009302123.PAA13609@harmony.village.org>
References: <008b01c02a71$6b8938c0$d04379a5@p4f0i0> 
 <200009292349.TAA07263@giganda.komkon.org>
 <200009302123.PAA13609@harmony.village.org>
Date: Mon, 2 Oct 2000 13:45:46 -0400
To: Warner Losh <imp@village.org>,
	"Jonathan M. Slivko" <jmslivko@mindspring.com>
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Cc: "Igor Roshchin" <str@giganda.komkon.org>, kris@FreeBSD.ORG,
	roman@xpert.com, security@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 3:23 PM -0600 9/30/00, Warner Losh wrote:
> "Jonathan M. Slivko" writes:
>: it. Especially some of the addons are extemely helpful. If you ask
>: my opinion, let pine stay in it's normal state and leave the security
>: and the managment of the machines that run it to the systems
>: administrators, where the responsibilities lie in the first place.
>: Doesn't everyone agree with me on that?
>
>I think I disagree.

I do think pine should be in a "different state" of some sort, given
that we are very suspicious about the code.

>Maybe we need a category that is "This program may be insecure, set
>INSECURE_OK in your /etc/make.conf if you don't have a problem with
>that" for ports.

I would suggest that some per-port switch might be better, so one
can say "Yes, my users pretty much force me to have 'pine' available",
without that also changing the status for all other ports which would
be in this category.

disclaimer: I'm not offering to do any work, of course, I'm just
suggesting things for whoever IS willing to do the work...   :-)


---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message