From owner-freebsd-ports Mon Jan 22 02:48:44 1996
Return-Path: owner-ports
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
    id CAA29174 for ports-outgoing; Mon, 22 Jan 1996 02:48:44 -0800 (PST)
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6])
    by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id CAA29083
    Mon, 22 Jan 1996 02:48:01 -0800 (PST)
Received: by sequent.kiae.su id AA23739 (5.65.kiae-2 );
    Mon, 22 Jan 1996 13:31:51 +0300
Received: by sequent.KIAE.su (UUMAIL/2.0); Mon, 22 Jan 96 13:31:48 +0300
Received: (from ache@localhost) by ache.dialup.ru (8.7.3/8.7.3)
    id NAA00986; Mon, 22 Jan 1996 13:13:02 +0300 (MSK)
To: Peter Wemm , ports@freebsd.org
Cc: security@freebsd.org
References:
In-Reply-To: ; from Peter Wemm at Mon, 22 Jan 1996 17:14:24 +0800 (WST)
Message-Id:
Organization: Olahm Ha-Yetzirah
Date: Mon, 22 Jan 1996 13:13:02 +0300 (MSK)
X-Mailer: Mail/@ [v2.42 FreeBSD]
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage)
X-Class: Fast
Subject: Re: ssh /etc config files location..
Lines: 48
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ports@freebsd.org
Precedence: bulk

In message Peter Wemm writes:

>I am still somewhat disturbed with the location of some rather critical
>"per site" info from ssh in /usr/local/etc..  Specifically the ssh host
>secret keys, and the per-site config files.

>This is (IMHO) rather dangerous.  If you NFS mount /usr/local, this will
>screw you rather badly.

>There are precedents against this too.. gated keeps its config files in
>/etc.

There is precedent _for_ this: tcp_wrapper uses /usr/local/etc.
Using NFS for /usr/local/bin/{security_binaries} is a big risk too,
because they can be changed (like config files).
I don't see the point in moving security-related configs to /etc
and _not_ moving security binaries from /usr/local.

So there are two normal solutions:
1) Leave all as is in /usr/local, but do not mount it over NFS
2) Move configs & binaries _both_ off /usr/local.

I disagree with the proposed solution (moving configs only to /etc).

>PS: IMHO, it was a mistake adding the BUILD_DEPENDS in wish and perl5.  it
>builds fine without them.  It seems silly to require X11 to be installed
>in order to build the port..

It builds fine, but incomplete, namely:
ssh-askpass needs wish
make-ssh-known-hosts needs perl5

So here are two variants:
1) They are essential, so BUILD_DEPENDS is essential too.
2) They don't play a big role. In this case they need to be controlled
via USE_* variables like other stuff in the ssh Makefile. I.e. the
corresponding BUILD_DEPENDS must be ifdefed.

Removing BUILD_DEPENDS is bad in any case.

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849
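
The point argued in this message, that configs under /usr/local/etc and binaries under /usr/local/bin are equally exposed when /usr/local is NFS-mounted, can be checked by resolving each path to the mount that holds it. The script below is an added example, not part of the original message or the ssh port; the mount table is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample mount table (assumption, not from the message).
# Columns follow fstab(5) order: device, mount point, filesystem type.
SAMPLE_MOUNTS='/dev/sd0a / ufs
/dev/sd0e /usr ufs
fileserver:/export/local /usr/local nfs'

# fs_type_for PATH [MOUNT_TABLE]
# Print the filesystem type of the mount holding PATH, chosen by the
# longest mount point that is a directory prefix of PATH.
fs_type_for() {
    path=$1
    table=${2:-$SAMPLE_MOUNTS}
    printf '%s\n' "$table" | awk -v p="$path" '
        {
            mp = $2
            # "/usr/local" covers "/usr/local/etc" but not "/usr/localx".
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }'
}

# audit_paths MOUNT_TABLE PATH...
# Print "NFS" or "local" for each path; return 1 if any path is on NFS.
audit_paths() {
    table=$1; shift
    rc=0
    for p in "$@"; do
        case $(fs_type_for "$p" "$table") in
            nfs*) echo "NFS   $p"; rc=1 ;;
            *)    echo "local $p" ;;
        esac
    done
    return $rc
}

# Check the config directory and the binary directory together, plus /etc.
audit_paths "$SAMPLE_MOUNTS" /usr/local/etc /usr/local/bin /etc \
    || echo "security-relevant paths are on NFS"
```

With the sample table, both /usr/local/etc and /usr/local/bin resolve to the NFS mount while /etc stays local, which is the asymmetry the reply objects to.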