cvs commit: ports/net/delegate Makefile distinfo pkg-message
pkg-plist
Clement Laforet
clement at FreeBSD.org
Sat Feb 21 12:02:49 PST 2004
On Sat, 21 Feb 2004 11:36:17 -0800
Kris Kennaway <kris at obsecurity.org> wrote:
> When I audited this software and added the warning, I concluded that
> delegate was fundamentally insecure from the ground up and could not
> be fixed just by patching a few things. How has this changed, and who
> has audited the new software to verify it?
Which version did you audit ? changes in 8.x fixed most of lacks of
security in protocol implementations. Since advisories are 4 years old
(and currently, except misconfiguration, there are few risks), I thought
it was reasonnable to remove warnings.
If you still consider that this software is insecure by concept, I can
re-add them, but I wonder why you don't add the same to sendmail, bind
or whatever port which got several advisories due to bad conception.
clem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20040221/83fd7992/attachment.bin
More information about the cvs-all
mailing list