Date: Sat, 25 Apr 1998 20:46:45 -0700
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: Eivind Eklund <eivind@yes.no>
Cc: Alex <garbanzo@hooked.net>, hackers@FreeBSD.ORG
Subject: Re: Speaking of packaging tools..
Message-ID: <2238.893562405@time.cdrom.com>
In-Reply-To: Your message of "Sun, 26 Apr 1998 05:41:43 +0200." <19980426054143.31001@follo.net>

> OK, so my wording was lousy. What I *meant* is "do we want the
> ultimate destination for the package system to be one where you run a
> random executable some shadowy person has put on a web- or FTP-site,
> instead of having nice, signed packages with warnings when they
> include install-scripts or go outside their allotted filesystem arena?"

No, you probably don't want to encourage executable packages if for no
other reason than the fact that it's easier to hide bogus packages among
good ones if all a package does is run itself. If pkg_add is properly
hardened, it can provide far more reliable validation.

Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message