Date:      Tue, 30 Mar 2004 11:13:12 +0200
From:      Oliver Eikemeier <eikemeier@fillmore-labs.com>
To:        Michael Nottebrock <michaelnottebrock@gmx.net>
Cc:        FreeBSD Security <security@freebsd.org>
Subject:   Re: cvs commit: ports/multimedia/xine Makefile
Message-ID:  <40693A28.9000502@fillmore-labs.com>
In-Reply-To: <406912E7.4040806@gmx.net>
References:  <200403282344.i2SNi6Hq047722@repoman.freebsd.org> <20040329163309.GA81526@madman.celabo.org> <40686785.7020002@fillmore-labs.com> <20040329185347.GB87233@madman.celabo.org> <40687E18.9060907@fillmore-labs.com> <20040329201926.GA88529@madman.celabo.org> <40689343.4080602@fillmore-labs.com> <4068A0AF.2090807@gmx.net> <4068A90A.7000104@fillmore-labs.com> <4068B881.4010304@gmx.net> <20040330045646.GD5998@madman.celabo.org> <406912E7.4040806@gmx.net>

Michael Nottebrock wrote:

> [...]
> However, it seems to me that marking ports FORBIDDEN for security 
> reasons is more or less obsoleted (and made redundant) by 
> portaudit/VuXML and committers having to hand-scan VuXML for updates and 
> mark ports FORBIDDEN by hand just seems like duplicated (and 
> error-prone) work... so maybe it's time to do away with marking ports 
> FORBIDDEN for security reasons completely?

I think portmgr@ is the authority here. CC'ed.

> Also, what eik says about integrating portaudit into sysinstall (does 
> this imply moving portaudit into the base-system at some point?) sounds 
> very good to me, but I still don't like security-by-default schemes 
> which can't be disabled by flipping a switch. FORBIDDEN ports are an 
> example for this, forcing users to hand-edit a port Makefile in order to 
> make it buildable (especially when the security issue is really minor or 
> I'm not even affected) is just a tad too BOFH-ish for my taste.

Just build the port with NO_IGNORE=yes. To disable portaudit use
DISABLE_VULNERABILITIES=yes. A common namespace would be a good thing here,
I guess. There is currently no way to turn off warnings selectively (like
`read and understood'), I don't know if this would be useful.


