Date: Fri, 13 Oct 2000 19:25:38 -0700 From: Kris Kennaway <kris@citusc.usc.edu> To: Marcel Moolenaar <marcel@cup.hp.com> Cc: Kris Kennaway <kris@citusc.usc.edu>, Garance A Drosihn <drosih@rpi.edu>, arch@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20001013192538.A9272@citusc17.usc.edu> In-Reply-To: <39E74774.E309DDE8@cup.hp.com>; from marcel@cup.hp.com on Fri, Oct 13, 2000 at 01:33:40PM -0400 References: <15251.971315263@winston.osd.bsdi.com> <v04210104b60acfa922f4@[128.113.24.47]> <39E5384C.4C3C0D53@cup.hp.com> <v04210105b60b62d2b755@[128.113.24.47]> <39E5F78B.299628F6@cup.hp.com> <20001012195942.A18090@citusc17.usc.edu> <39E74774.E309DDE8@cup.hp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 13, 2000 at 01:33:40PM -0400, Marcel Moolenaar wrote: > > > I installed ucd-snmp yesterday to try something out. I know it installed > > > a daemon, because it tells me so (in this case I already knew before I > > > typed make). I therefore immediately know that security, if I'd care in > > > the first place, would be an issue. In this case I couldn't care less. > > > What happens? I get a security notice... It took me 5 minutes to funnel > > > my agression :-) > > > > Code to read user's mind about whether they know the security > > implications of a port gratefully accepted. > > There's a much simpler solution. Assume the user knows what he/she is > doing. If that isn't the case, then there's also no point in trying to > teach the user about security issues in a 5 line notice. It's not about whether or not the user knows what he/she is doing, it's that some ports install things which you never would have imagined they would - setuid root binaries, starting up a gratuitous network server mode when "all you wanted" was the client functionality, etc. Unless you're intimately familiar with the FreeBSD port no amount of studliness will let you anticipate that. Kris P.S. Come on, it's only 5 lines and doesnt functionally affect the behaviour of the ports system..is it really that hard to ignore? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001013192538.A9272>