Date: Wed, 22 May 2002 17:41:25 +0400
From: "Andrey A. Chernov"
To: Alexander Leidinger
Cc: imp@village.org, bts@babbleon.org, kris@obsecurity.org, ports@FreeBSD.ORG, portmgr@FreeBSD.ORG, core@FreeBSD.ORG
Subject: Re: My position on commiters guide 10.4.4
Message-ID: <20020522134124.GA98620@nagual.pp.ru>
References: <20020522054234.GB93907@nagual.pp.ru> <200205221304.g4MD3ujl001185@Magelan.Leidinger.net>
In-Reply-To: <200205221304.g4MD3ujl001185@Magelan.Leidinger.net>

On Wed, May 22, 2002 at 15:03:56 +0200, Alexander Leidinger wrote:
>
> I don't think we should play the statistics game here. We know from
> history about such incidents, and we want to be protected.

And not protected from very similar ones, I mean with number updated.

> If the author of a program puts in malicious code we can't do anything
> about it in our actual way of porting applications, but if a third party
> injects malicious code on a mirror side you will notice it. Either by rule

I notice it even without this rule. I am not against checksums conception,
but against this rule.

> We are not protected against every possible attack, but we are at least
> safe against some of them.

Well, it is always easy to assign task needed to be done to somebody else,
saying - he (porter) must do part of security officer work. Do you want to
do it by yourself, for example, instead of pointing on somebody else (me)?
If yes, we can announce excellent new position "ports security officer"
for such type of work.

-- 
Andrey A. Chernov
http://ache.pp.ru/