cvs commit: ports/multimedia/xine Makefile

Michael Nottebrock michaelnottebrock at gmx.net
Mon Mar 29 16:00:07 PST 2004


Oliver Eikemeier wrote:

> That's a question of semantics. It makes absolutely no sense to add a
> package to the portaudit database when you won't mark the port as FORBIDDEN.

To me it makes no sense anymore to mark ports FORBIDDEN for security reasons
at all: portaudit uses a centralized source of information, it is much more
efficient than cvsup, as you mentioned it's smarter with regard to old
versions, and it does automated checks via periodic.

In short, bye-bye FORBIDDEN, hello portaudit.

> The message is `do not install this port', and I hope to get support for
> portaudit into sysinstall to prevent users with release CDs from installing
> vulnerable ports in the first place. Currently there is no such thing as `It
> may be ok to use this port if you are careful'; if you deem such a feature
> useful I will look into implementing it.

I'd deem such a feature quite useful indeed. Actually, the decision-making
about what is too serious to ignore and what is not could be handed back to
the system administrator this way: if VuXML provided a fine-grained
classification of security issues (not by severity, but by type: privilege
escalation (incl. root/excl. root), local/remote denial-of-service,
buffer-overflow-but-no-exploit-known, etc., etc.), users could customize
portaudit to forbid access to packages or just warn about them from a set of
rules (which would ideally also allow making exceptions by portname and other
criteria - I realise that's quite a wishlist, but since you asked... ;-)).

The current behaviour could be provided as the default.

-- 
    ,_,   | Michael Nottebrock               | lofi at freebsd.org
  (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
    \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
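The rule-driven portaudit behaviour sketched in the mail above, as an added example that is not part of the original message, of portaudit, or of VuXML: a small Python policy layer that reads a constructed VuXML-like fragment, classifies each entry by type, and returns "forbid", "warn" or "allow" for a package, with per-port exceptions taking precedence. The `<class>` element, the class names, the `example-*` vids, the package names and versions, and the rule table are all assumptions for illustration (real VuXML carries no type classification), and the version comparison is a dotted-numeric simplification of what pkg_version(1) does.

```python
"""Toy 'forbid or warn' policy over VuXML-style entries (added example, not
portaudit's or VuXML's own code)."""
import xml.etree.ElementTree as ET

# Constructed sample in a VuXML-like shape.  The <class> element is the
# hypothetical per-issue type classification proposed in the mail; real VuXML
# entries have no such element and use UUID vids rather than "example-NNNN".
SAMPLE_VUXML = """<vuxml>
  <vuln vid="example-0001">
    <topic>xine: remotely triggerable crash in stream handling</topic>
    <class>dos-remote</class>
    <affects><package><name>xine</name><range><lt>0.9.23</lt></range></package></affects>
  </vuln>
  <vuln vid="example-0002">
    <topic>foo: root privilege escalation</topic>
    <class>privilege-escalation-root</class>
    <affects><package><name>foo</name><range><lt>2.0</lt></range></package></affects>
  </vuln>
  <vuln vid="example-0003">
    <topic>bar: local denial of service</topic>
    <class>dos-local</class>
    <affects><package><name>bar</name><range><ge>1.0</ge><lt>1.2</lt></range></package></affects>
  </vuln>
</vuxml>"""

# Rule set (assumed): issue class -> action.  "forbid" reproduces what marking
# the port FORBIDDEN does today; "warn" only reports.  Unknown classes fall
# back to DEFAULT_ACTION, so the current behaviour is the default.
RULES = {
    "privilege-escalation-root": "forbid",
    "privilege-escalation-user": "forbid",
    "dos-remote": "forbid",
    "dos-local": "warn",
    "buffer-overflow-no-known-exploit": "warn",
}
DEFAULT_ACTION = "forbid"

# Per-port exceptions (assumed): the administrator accepts the risk for xine
# and only wants a warning instead of a refusal.
EXCEPTIONS = {"xine": "warn"}

SEVERITY = {"allow": 0, "warn": 1, "forbid": 2}


def version_key(v):
    """Dotted-numeric ordering only (assumption).  pkg_version(1) also handles
    _N and ,N suffixes and letters; those are left out here."""
    return tuple(int(p) for p in v.split("."))


def in_range(version, rng):
    """Check one <range> element: every bound (<lt>, <le>, <gt>, <ge>) must hold."""
    v = version_key(version)
    for bound in rng:
        b = version_key(bound.text)
        holds = {"lt": v < b, "le": v <= b, "gt": v > b, "ge": v >= b}[bound.tag]
        if not holds:
            return False
    return True


def parse_vuxml(text):
    """Flatten the <vuln> entries into dicts of vid, class and affected packages."""
    entries = []
    for vuln in ET.fromstring(text).findall("vuln"):
        entries.append({
            "vid": vuln.get("vid"),
            "class": vuln.findtext("class", default=""),
            "affects": [(p.findtext("name"), p.findall("range"))
                        for p in vuln.findall("affects/package")],
        })
    return entries


def matching_vulns(entries, name, version):
    """Entries whose <affects> lists this package name with a matching range."""
    hits = []
    for e in entries:
        for pkgname, ranges in e["affects"]:
            if pkgname == name and any(in_range(version, r) for r in ranges):
                hits.append(e)
                break
    return hits


def decide(entries, pkgname, rules=RULES, exceptions=EXCEPTIONS, default=DEFAULT_ACTION):
    """Return (action, [vids]) for a 'name-version' package string.

    Precedence: per-port exception, else the strongest action any matching
    entry's class maps to, else 'allow' when nothing matches."""
    name, version = pkgname.rsplit("-", 1)
    hits = matching_vulns(entries, name, version)
    if not hits:
        return "allow", []
    if name in exceptions:
        action = exceptions[name]
    else:
        action = max((rules.get(e["class"], default) for e in hits), key=SEVERITY.get)
    return action, [e["vid"] for e in hits]


if __name__ == "__main__":
    db = parse_vuxml(SAMPLE_VUXML)
    for pkg in ("xine-0.9.22", "xine-0.9.23", "foo-1.5", "bar-1.1", "bar-1.2"):
        print(pkg, decide(db, pkg))
```

With the sample rule table the xine entry would be refused by its class, and only the per-port exception turns that into a warning; dropping the exception restores the refusal. That is the split the mail asks for: the database says what kind of issue it is, the administrator's rules say what to do about it.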