From owner-freebsd-security Sat Sep 12 20:21:36 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA14011 for freebsd-security-outgoing; Sat, 12 Sep 1998 20:21:36 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from roble.com (roble.com [207.5.40.50]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA14005 for ; Sat, 12 Sep 1998 20:21:33 -0700 (PDT) (envelope-from sendmail@roble.com) Received: from localhost (localhost [127.0.0.1]) by roble.com (Roble) with SMTP id UAA21863 for ; Sat, 12 Sep 1998 20:21:19 -0700 (PDT) Date: Sat, 12 Sep 1998 20:21:19 -0700 (PDT) From: Roger Marquis To: freebsd-security@FreeBSD.ORG Subject: Re: sshd In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 12 Sep 1998, Michael Sinatra wrote: > Is it supposed to offer any advantages other than being able to cd into > the ports directory and simply type 'make' and have the system fetch the > distribution and do everything for you, *and* be reasonably well-assured > that the beast is going to compile? That is a pretty huge advantage for > an overworked sysadmin like myself. True, and ports are probably the aspect of FreeBSD I appreciate most, however, the more ports I've used the more careful I've become about them. The basic downside to ports is their lack of standardization and QA. For one thing 'make -n install' typically doesn't yield readable information unless you first 'cd work/*'. Secondly, while port A installs under /usr/, port B installs to /usr/local/etc and port C in /usr/libexec, ... You can never be sure what is going where and it's a rare port that can be uninstalled with 'make uninstall'. There's also no way to validate all of the source hosts listed in the Makefile. We've downloaded hacked versions of a port and had to redownload and recompile when the hack became obvious (through corrupt syslogs and attempts to grab /pwd.db). Bottom line, ports are cool, no question, but not without risk. Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message