From owner-freebsd-stable  Wed Jul 10  7:33:12 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id CBD1A37B400; Wed, 10 Jul 2002 07:33:08 -0700 (PDT)
Received: from absinthe.condo.chico.ca.us (adsl-64-169-154-205.dsl.chic01.pacbell.net [64.169.154.205])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1F6A843E54; Wed, 10 Jul 2002 07:33:08 -0700 (PDT)
	(envelope-from fred@absinthe2.dyndns.org)
Received: from absinthe2.dyndns.org (localhost [127.0.0.1])
	by absinthe.condo.chico.ca.us (8.12.3/8.12.3) with ESMTP id g6AEX7E4070402;
	Wed, 10 Jul 2002 07:33:07 -0700 (PDT)
	(envelope-from fred@absinthe2.dyndns.org)
Received: (from fred@localhost)
	by absinthe2.dyndns.org (8.12.3/8.12.3/Submit) id g6AEX7VC070401;
	Wed, 10 Jul 2002 07:33:07 -0700 (PDT)
	(envelope-from fred)
Date: Wed, 10 Jul 2002 07:33:06 -0700
From: Fred Condo <fred@condo.chico.ca.us>
To: Mike Jakubik <mikej@trigger.net>
Cc: Stable <stable@FreeBSD.ORG>, dinoex@FreeBSD.ORG
Subject: Re: sshd vs ports sshd
Message-ID: <20020710143306.GC70071@absinthe.condo.chico.ca.us>
References: <HPEHJFKBNEHFPAOFMEDDAEHEDNAA.mikej@trigger.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <HPEHJFKBNEHFPAOFMEDDAEHEDNAA.mikej@trigger.net>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Wed, Jul 10, 2002 at 10:08:42AM -0400, Mike Jakubik wrote:
> There seems to be a conflict in the 'sshd' user of FreeBSD's built in sshd
> and the ports version.
> 
> passwd diffs:
> 12a13
> > sshd:(password):22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin
> 21d21
> < sshd:(password):22:22::0:0:sshd privilege
> separation:/usr/local/empty:/nonexistent
> 
> IMHO: This is exactly why server software should not be included in the base
> distribution of FreeBSD.
> 

I strenuously disagree. Should inetd be a port? Sendmail? What about
syslogd or named? Although not all should be on by default, they are
certainly essential to enough users that they should be part of the
default installation.

The ports collection, as useful and glorious as it is, is too unstable
for software this critical. Bear in mind that the only tag on the
ports collection is HEAD; there is no conservative RELENG_4_6 for the
ports. The situation with sshd is an anomaly; basing global policy on
this experience would be a Bad Thing.

-- 
Fred Condo - fred@condo.chico.ca.us
The only normal people are the ones you don't know very well.
    -- Joe Ancis

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message