Date: Fri, 09 Feb 2001 11:23:26 -0700 From: Wes Peters <wes@softweyr.com> To: freebsd-advocacy@freebsd.org Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Message-ID: <3A84359E.4E8B9864@softweyr.com> References: <200102082016.PAA29933@vws3.interlog.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Some random moron at vws3.interlog.com wrote: > > II. Problem Description > > We normally do not assess security when creating the ports distribution > often allowing anyone to build any program we decide to run in the ports > directory. Recently we have noticed that we can no longer fool users > into thinking because we provide checksumming for the programs, that > they will be secure. > > Unlinke other operating systems and the developers of them who audit > their ports, we feel it is not our problem if someone accessess your > system because we're too lazy to do things right the first time. Which operating systems would this be? http://www.openbsd.org/ports.html Take particular not of the first paragraph in RED text, which says: The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security. Don'tcha just love it when our favorite prankster is too stupid to even effectively joke about the topics he takes on? -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A84359E.4E8B9864>