From: Trevor Johnson
To: "David O'Brien"
Cc: Kris Kennaway
Date: Sat, 23 Dec 2000 18:21:35 -0500 (EST)
Subject: Re: cvs commit: ports/x11/XFree86-aoutlibs Makefile

David O'Brien wrote:

> On Thu, Dec 21, 2000 at 06:05:57AM -0800, Kris Kennaway wrote:
> > Yes. A solution would be to roll our own copy of the XFree86 3.3.3
> > libraries + security patches.
>
> Are you going to take responsibility of getting this done? In this case,
> I think marking these libs forbidden is really, really the wrong thing to
> do.

I'd like to see the old versions of Netscape--everything but 4.76 and 6.0--forbidden too, with mention of http://www.guninski.com/netscape.html and http://netscape.com/security/ .

> We should have learned from Micro$oft that the apps drive people to
> the OS, not the other way around.

For most of the applications in the ports collection, it is the other way around: few of them run only on FreeBSD. Netscape is a good example. People who want it, but don't care about the quality of the underlying OS, probably run it on some other platform. :)

> You are now removing what some may say is the most important
> application today from running on FreeBSD.

The last I heard, the 4.76 Linux version of Netscape in the ports collection ran fine.

> Maybe that would be the last straw to send a user to another version
> of Unix?

When a port is marked FORBIDDEN, the user (after--I hope--understanding why it was forbidden) can still install it by editing the makefile in the port skeleton, then building it. The editing should only take a few seconds. Of course, if the user wanted a pre-compiled package, the time spent compiling is "wasted" (this doesn't apply to the a.out libraries, of course).

Not warning the user increases the chance that the user will not know about the problem, and that that user's FreeBSD box will get compromised. Compared to having to do a little editing and compiling, getting owned strikes me as a more likely reason for someone to switch to another OS.

-- 
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt