Date: Sat, 12 Sep 1998 20:21:19 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: freebsd-security@FreeBSD.ORG Subject: Re: sshd Message-ID: <Pine.SUN.3.96.980912200252.21513B-100000@roble.com> In-Reply-To: <Pine.ULT.4.02A.9809121806220.21822-100000@iridium.cchem.berkeley.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 12 Sep 1998, Michael Sinatra wrote: > Is it supposed to offer any advantages other than being able to cd into > the ports directory and simply type 'make' and have the system fetch the > distribution and do everything for you, *and* be reasonably well-assured > that the beast is going to compile? That is a pretty huge advantage for > an overworked sysadmin like myself. True, and ports are probably the aspect of FreeBSD I appreciate most, however, the more ports I've used the more careful I've become about them. The basic downside to ports is their lack of standardization and QA. For one thing 'make -n install' typically doesn't yield readable information unless you first 'cd work/*'. Secondly, while port A installs under /usr/<newdir>, port B installs to /usr/local/etc and port C in /usr/libexec, ... You can never be sure what is going where and it's a rare port that can be uninstalled with 'make uninstall'. There's also no way to validate all of the source hosts listed in the Makefile. We've downloaded hacked versions of a port and had to redownload and recompile when the hack became obvious (through corrupt syslogs and attempts to grab /pwd.db). Bottom line, ports are cool, no question, but not without risk. Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.96.980912200252.21513B-100000>