[ports] cvs commit: ports/devel/rubygem-daemons Makefile
distinfo
Tilman Keskinöz
arved at arved.at
Sun Jan 29 09:26:14 UTC 2012
On Jan 28, 2012, at 20:22 , Philip M. Gollucci wrote:
> On 1/28/12 1:52 AM, Tilman Keskinöz wrote:
>> If there is no reason, the port should be either fixed, or the commit backed out!
> This is not a unique problem among gems. Lots of them screw up umasks on install. Some too restrictive, some overly lax.
The committer committing the patch is responsible for testing the port for screw ups.
No port should install world-writable scripts or executables. This is a security issue. Again i ask you to fix the port or backout your commit.
In the old days, Kris processed the pointyhat logs for these issues[1]. Maybe someone with access to the pointyhat logs can do this again?
Also how about introducing a Makefile variable "WORLDWRITABLE_FILES" for the highscore files and aborting the install if a file is not mentioned in this variable.
[1] e.g. http://lists.freebsd.org/pipermail/freebsd-ports/2006-September/035115.html
More information about the freebsd-ports
mailing list