From: "Jordan K. Hubbard"
To: Eivind Eklund
cc: Alex, hackers@FreeBSD.ORG
Subject: Re: Speaking of packaging tools..
In-reply-to: Your message of "Sun, 26 Apr 1998 05:41:43 +0200." <19980426054143.31001@follo.net>
Date: Sat, 25 Apr 1998 20:46:45 -0700
Message-ID: <2238.893562405@time.cdrom.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG

> OK, so my wording was lousy. What I *meant* is "do we want the
> ultimate destination for the package system to be one where you run a
> random executable some shadowy person has put on a web- or FTP-site,
> instead of having nice, signed packages with warnings when they
> include install-scripts or go outside their allotted filesystem arena?"

No, you probably don't want to encourage executable packages if for no
other reason than the fact that it's easier to hide bogus packages
among good ones if all a package does is run itself. If pkg_add is
properly hardened, it can provide far more reliable validation.

Jordan