From owner-freebsd-security  Sat Sep 30  7: 4:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP id 493BD37B503
	for <security@freebsd.org>; Sat, 30 Sep 2000 07:04:38 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 13fNFg-00041s-00; Sat, 30 Sep 2000 16:04:32 +0200
Date: Sat, 30 Sep 2000 16:04:32 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Adam Laurie <adam@algroup.co.uk>
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930160432.A15451@mithrandr.moria.org>
References: <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <20000929172644.C6456@freefall.freebsd.org> <39D5A13C.8AF289BE@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <39D5A13C.8AF289BE@algroup.co.uk>; from adam@algroup.co.uk on Sat, Sep 30, 2000 at 09:15:56AM +0100
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat 2000-09-30 (09:15), Adam Laurie wrote:
> Kris Kennaway wrote:
> > 
> > On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote:
> > 
> > > If you remove a port because of it's security concerns, then your robbing
> > > the average user the choice between what mail client to use. Also, it's not
> > > the job of the FreeBSD development team/patch/security team to weed out all
> > > the insecure programs, the responsibility lies mainly on the systems
> > 
> > Yes it is. Allowing the user to install insecure software only leaves
> > them with a false sense of security and the feeling of betrayal when
> > they get exploited through it.
> 
> Surely the same applies to FreeBSD itself?
> 
> I find it very odd that ports get so much positive pressure from this
> list to restrict/fix/exclude them when there is a security issue, but
> try and get something done to core FreeBSD scripts/services etc., and
> you'll get shot down in flames... Bizarre...

Can you give examples?

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message