Date: Thu, 10 Apr 2014 15:20:39 +0000 From: Jeff Aitken <jaitken@aitken.com> To: freebsd-security@freebsd.org Subject: Re: Proposal Message-ID: <20140410152039.GA18467@hermes.aitken.com> In-Reply-To: <86y4zd4ejb.fsf@nine.des.no> References: <CAA3htvtFGU=-KYrpVpeJjd46QS7=em4n7qROqsY3V3r3Bc823w@mail.gmail.com> <86y4zd4ejb.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 10, 2014 at 01:20:08PM +0200, Dag-Erling Sm??rgrav wrote: > Throwing more manpower at the job won't make a difference; in fact, it > might slow things down due to the need to communicate and coordinate. You mean 9 women can't make a baby in 1 month?!! On Wed, Apr 09, 2014 at 03:44:53PM -0400, Nathan Dorfman wrote: > While I'm out here drawing fire, I might as well also ask if I'm crazy > to think that it might be a good idea for the base system OpenSSL (and > other third party imports) to just disable any and all non-essential > functionality that can be disabled at compile time? Non-essential > meaning everything not required for the base system to function -- > there's always the ports version if anyone needs more. I see the potential benefit but I think I'm opposed to this idea in general. I don't like having partially-crippled software packages in the base system because it ends up being a lot of work to deal with them. Whether you choose to install port/package over top of the base system version or put it in /usr/local you end up with a number of potential issues. I base this on negative experiences that I've had with sendmail, DNS, and kerberos in the past, to name a few. Just my opinion, YMMV obviously. --Jeff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140410152039.GA18467>