Date: Sun, 13 Oct 2002 06:24:37 +0100 (BST) From: Mark Valentine <mark@thuvia.demon.co.uk> To: Kris Kennaway <kris@obsecurity.org> Cc: Kris Kennaway <kris@freebsd.org>, cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: ports/mail Makefile ports/mail/mh Makefile distinfo pkg-comment pkg-descr pkg-plist ports/mail/mh/files patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao ... Message-ID: <200210130524.g9D5Obe1094121@dotar.thuvia.org> In-Reply-To: <20021013051222.GA5739@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Kris Kennaway <kris@obsecurity.org> > Date: Sat 12 Oct, 2002 > Subject: Re: cvs commit: ports/mail Makefile ports/mail/mh Makefile distinfo pkg-comment pkg-descr pkg-plist ports/mail/mh/files patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao > > Aren't insecure ports still useful in environments where security isn't an > > issue? > > Perhaps, but I don't think that's a suitable justification for leaving > it to rot untouched in the ports collection forever. That's another issue. How many ports without known security problems have no maintainer, haven't been touched in ages but continue to build and be useful? If something fails to build, mark it broken, sure. If someone cares they'll fix it - and there'll still be people who get it building for themselves using the port as a basis, even if the fix isn't fed back. Removing even a broken port makes the existing patches less available as a starting point. I'd rather see a seperate INSECURE knob and a make.conf knob to say "don't care, build it anyway, maybe even tell me it's insecure". Cheers, Mark. -- Mark Valentine, Thuvia Labs <mark@thuvia.co.uk> <http://www.thuvia.co.uk>; "Tigers will do ANYTHING for a tuna fish sandwich." Mark Valentine uses "We're kind of stupid that way." *munch* *munch* and endorses FreeBSD -- <http://www.calvinandhobbes.com>; <http://www.freebsd.org>; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210130524.g9D5Obe1094121>