From owner-freebsd-ports@freebsd.org Sun Jan 28 18:35:23 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6502DED8094 for ; Sun, 28 Jan 2018 18:35:23 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1CE4B694A5; Sun, 28 Jan 2018 18:35:23 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1235) id 150394870; Sun, 28 Jan 2018 18:35:23 +0000 (UTC) Received: by ivaldir.etoilebsd.net (Postfix, from userid 1001) id D2A1E6A09D; Sun, 28 Jan 2018 19:35:22 +0100 (CET) Date: Sun, 28 Jan 2018 19:35:22 +0100 From: Baptiste Daroussin To: Yasuhiro KIMURA Cc: freebsd-ports@freebsd.org Subject: Re: daily security run output and joomla3 Message-ID: <20180128183522.fzy3tmc7xdopmtmq@ivaldir.net> References: <20180129.025651.1943739201262226813.yasu@utahime.org> <20180128180456.wle3ydeqhshspq6y@ler-imac.local> <20180129.032722.1649622669605796083.yasu@utahime.org> <20180128183100.itrn2rpc3edsmhfw@ivaldir.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="zalh6f6lt64tfusi" Content-Disposition: inline In-Reply-To: <20180128183100.itrn2rpc3edsmhfw@ivaldir.net> User-Agent: NeoMutt/20171215 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jan 2018 18:35:23 -0000 --zalh6f6lt64tfusi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 28, 2018 at 07:31:00PM +0100, Baptiste Daroussin wrote: > On Mon, Jan 29, 2018 at 03:27:22AM +0900, Yasuhiro KIMURA wrote: > > From: Larry Rosenman > > Subject: Re: daily security run output and joomla3 > > Date: Sun, 28 Jan 2018 12:04:56 -0600 > >=20 > > > But as the OP notes, the joomla3 instructions *REQUIRE* > > > removal of the install directory for security reasons, so=20 > > > I understand where he is coming from.=20 > >=20 > > Do you mean that all installed file must be removed? If so, what about > > simply deinstalling joomla3 package after instructions are finished? > >=20 >=20 > Does changing the owners of the directory to nobody helps? joomla (www us= ers) > might not be able to read it Another way (still ugly) would be 2 packages: joomla and joomla-installation-cruft and once setup is done the user should pkg delete joomla-installation-cruft Just thinking, can't find better ideas so far :) Bapt --zalh6f6lt64tfusi Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEgOTj3suS2urGXVU3Y4mL3PG3PloFAlpuF+oACgkQY4mL3PG3 Plr5Gw/9HlNJ9mRS44P9yw0jAx2hbAMnOA5ccymomFJdvQmue++5r4fiUBjPjs6I vy2c5wWSqjAAvMCF2y7TOtM8i6DHHm27im3xtjqRwtOpBdcVSAK0J2efLyzA6r6a TOKPjzVI+1tOdgktM26GbrLyV9wwkIYs9kTEPKdYviUKiSyjEqg4fUUA2TQY4BfJ NOcLRuaYzLs1b6n3lxEYEgsKQjkpSOJBGvskiS8P55iKImWB6dVmtp69Lw93c59J rg2tlmBdpTWGk9Tp5EjhUNa6jh89OHEtl5uXB3WxBBlu43yKLaqEOcZJn/IVivP4 XtBmcXyPWU1xguiB3+ExW3l20mDg65YzTvog6toTZ4EJ0OS9MSPulKmV6ecih1We tfJq1rtBwOSIYj8Q0Oi4rE1H3vtEUoxccz4/NKDpQuzbOCKLe0zELUVb8YFTYjvp VhxsM0j1neTV6+aOGT9NJfdZsLgYpsSKKtVEdxUwz6kRZ2aV4gA8skbsbIKvQB1L eI+w1PudQAPpfysycWed7R3158ry7RyphXvTROYgebsN8FKhozPI73xAFK2Yn7cq 3tAnZAnpL0qXb9r9OLM7wxaZ006Ev9AKEXjqFcLcP6In+owIdxTJWfC4GW32ymba w0jTQ2rzwYo2VS9RrA91muf2/bYKQrO22XzAdMcK0Qciov7VWgU= =T4oa -----END PGP SIGNATURE----- --zalh6f6lt64tfusi--