From owner-freebsd-ports Mon Oct 26 01:13:20 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id BAA20442
        for freebsd-ports-outgoing; Mon, 26 Oct 1998 01:13:20 -0800 (PST)
        (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from phmit.demon.co.uk (phmit.demon.co.uk [194.222.15.209])
        by hub.freebsd.org (8.8.8/8.8.8) with SMTP id BAA20436;
        Mon, 26 Oct 1998 01:13:17 -0800 (PST)
        (envelope-from dom@phmit.demon.co.uk)
Received: from voodoo.pandhm.co.uk [10.100.35.12]
        by phmit.demon.co.uk with esmtp (Exim 1.82 #1)
        id 0zXii2-0003pq-00; Mon, 26 Oct 1998 09:13:06 +0000
Received: from dom by voodoo.pandhm.co.uk with local (Exim 1.92 #1)
        id 0zXii0-0004xd-00; Mon, 26 Oct 1998 09:13:04 +0000
To: Jamie Zawinski
cc: freebsd-ports@FreeBSD.ORG, jseger@FreeBSD.ORG
Subject: Re: ports/8411: update xscreensaver to 3.00
X-Mailer: nmh v0.26
X-Colour: Green
Organization: Palmer & Harvey McLane
In-reply-to: Jamie Zawinski's message of "Sun, 25 Oct 1998 19:48:40 PST" <3633F118.27EDB6FD@jwz.org>
Date: Mon, 26 Oct 1998 09:13:03 +0000
From: Dom Mitchell
Message-Id:
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 25 October 1998, Jamie Zawinski proclaimed:
> Dom Mitchell wrote:
> >
> > This is an update of the xscreensaver port to 3.00, the latest. I've
> > taken out the patch which prevents it from using passwords (not sure
> > why it was there...). It gets installed root, so it can read the
> > password file. Personally, I like this.
>
> Let me get this straight:
>
> * you've disabled *security code* that by your own admission
>   you do not understand;
>
> * you did so without even bothering to ask the author of that
>   code why it was there;
>
> * and then you DISTRIBUTED THE RESULT???
>
> Do whatever crazy things you like on your own system, but
> DO NOT distribute xscreensaver modified in this way.
> You have opened up a gaping security hole.
>
> Please delete your modified version ASAP before someone is
> foolish enough to install it somewhere where it can be exploited.

Darn. You're absolutely right. I'm sorry that this happened, I should
have tested with the patch applied first. The ports have broken locking
for me in the past, and it looked like that would too.

Could I please ask somebody with the appropriate privs to remove that PR
from the database so that it doesn't get used by accident. I'll
resubmit a correct one shortly.

--
Dom Mitchell -- Palmer & Harvey McLane -- Unix Systems Administrator

"Xerox studies suggest that most people print out electronic mail that
is longer than half a page; paper use rises by 40 percent in offices
that introduce E-mail." -- CCM