Date:      Wed, 22 May 2002 17:41:25 +0400
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        Alexander Leidinger <Alexander@Leidinger.net>
Cc:        imp@village.org, bts@babbleon.org, kris@obsecurity.org, ports@FreeBSD.ORG, portmgr@FreeBSD.ORG, core@FreeBSD.ORG
Subject:   Re: My position on commiters guide 10.4.4
Message-ID:  <20020522134124.GA98620@nagual.pp.ru>
In-Reply-To: <200205221304.g4MD3ujl001185@Magelan.Leidinger.net>
References:  <20020522054234.GB93907@nagual.pp.ru> <200205221304.g4MD3ujl001185@Magelan.Leidinger.net>

On Wed, May 22, 2002 at 15:03:56 +0200, Alexander Leidinger wrote:
> 
> I don't think we should play the statistics game here. We know from
> history about such incidents, and we want to be protected.

And not protected from very similar ones, I mean with number updated.

> If the author of a program puts in malicious code we can't do anything
> about it in our actual way of porting applications, but if a third party
> injects malicious code on a mirror side you will notice it. Either by rule

I notice it even without this rule. I am not against checksums conception,
but against this rule.

> We are not protected against every possible attack, but we are at least
> safe against some of them.

Well, it is always easy to assign task needed to be done to somebody else,
saying - he (porter) must do part of security officer work. Do you want to
do it by yourself, for example, instead of pointing at somebody else (me)?
If yes, we can announce excellent new position "ports security officer"  
for such type of work.

-- 
Andrey A. Chernov
http://ache.pp.ru/
