Date: Sat, 21 Feb 2004 21:02:44 +0100 From: Clement Laforet <clement@FreeBSD.org> To: Kris Kennaway <kris@obsecurity.org> Cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/net/delegate Makefile distinfo pkg-message pkg-plist Message-ID: <20040221210244.23d7fa99.clement@FreeBSD.org> In-Reply-To: <20040221193617.GB50771@xor.obsecurity.org> References: <200402211513.i1LFDQRA012919@repoman.freebsd.org> <20040221193617.GB50771@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Signature=_Sat__21_Feb_2004_21_02_44_+0100__nn1zrJG0ps8YNGB Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit On Sat, 21 Feb 2004 11:36:17 -0800 Kris Kennaway <kris@obsecurity.org> wrote: > When I audited this software and added the warning, I concluded that > delegate was fundamentally insecure from the ground up and could not > be fixed just by patching a few things. How has this changed, and who > has audited the new software to verify it? Which version did you audit ? changes in 8.x fixed most of lacks of security in protocol implementations. Since advisories are 4 years old (and currently, except misconfiguration, there are few risks), I thought it was reasonnable to remove warnings. If you still consider that this software is insecure by concept, I can re-add them, but I wonder why you don't add the same to sendmail, bind or whatever port which got several advisories due to bad conception. clem --Signature=_Sat__21_Feb_2004_21_02_44_+0100__nn1zrJG0ps8YNGB Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAN7lksRhfjwcjuh0RAiXbAJ0dhDkFsP81ATiWCfboaeKTXuFZVQCg6Xfv cvrmnVCJzShatNJ3xsZwH14= =Ejm2 -----END PGP SIGNATURE----- --Signature=_Sat__21_Feb_2004_21_02_44_+0100__nn1zrJG0ps8YNGB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040221210244.23d7fa99.clement>