Date: Thu, 16 Jul 1998 18:32:44 +0300 (EEST) From: Adrian Penisoara <ady@warpnet.ro> To: Steve Price <sprice@hiwaay.net> Cc: Matt Behrens <matt@megaweapon.zigg.com>, imap-uw@freebsd.ady.ro, FreeBSD ports <freebsd-ports@FreeBSD.ORG> Subject: Re: imap-uw security hole -- please update port Message-ID: <Pine.BSF.3.96.980716182054.3069A-100000@ady.warpnet.ro> In-Reply-To: <Pine.OSF.3.96.980716100820.23260C-100000@fly.HiWAAY.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, 16 Jul 1998, Steve Price wrote: > Hey, I won't worry if Matt doesn't. :) If we don't install I'd still worry if Matty was happy and the sources were security-compromising... :) > the imap tools does that satisfy your requirements Matt or > are you expecting them to be installed as part of pine4? Pine 3.96 & Pine 4.00 install only c-client library, pico (the Editor), Pilot (the file Browser) and Pine (the MUA); I believe this is what the average user expects -- if someone wants the mail daemons (ipop2d, ipop3d, imapd) then they will happily be served by the imap-uw port :) > If so, would a *_DEPENDS on the imap-uw port work? Of > course its build/install would have to be conditionalized > appropriately first of course. That wouldn't be necessary (if the POP/IMAP dameons build was expected) -- Pine 4.00 source tarball comes with the sources for these dameons already, *_DEPENDS should be used only to force using imap-uw's sources instead what the pine port has; but I do repeat: the user doesn't/shouldn't expect the port to install anything else but what they come for and that's the Pine binaries; if they want the mail daemons they should go for imap-uw... What's your opinion, Matt ? > > Just out of curiousity why isn't the imap-uw port afflicted > by the same security problems mentioned on BUGTRAQ? I believe this is because only the newly released Pine 4.00 source tarball has the latest sources wich have that security bug -- but this is just a supposition, it must be verified ! And about that, could you dig up a bit more and tell me what exactly is this security compromise about or where can I find more about it, Matt ? Thanks ! > > Steve > > On Thu, 16 Jul 1998, Adrian Penisoara wrote: > Ady (@freebsd.ady.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980716182054.3069A-100000>