cvs commit: ports/multimedia/xine Makefile

Michael Nottebrock michaelnottebrock at gmx.net
Mon Mar 29 22:25:46 PST 2004


Jacques A. Vidrine wrote:

> It so happens that in the past month or so there has been quite a
> discussion on a closed vendor security list (mostly large Linux
> distros + some UNIX vendors) regarding severity rating systems.
> It's really hard, and it's really subjective.  CVE does not assign
> severity, largely because they do not feel that it is part of their
> role.  Attempts to create systems such as you describe (types of
> vulnerabilities) have bogged down: some of the better thought out
> proposals result in 4-6 dimensions.

Okay, that's quite impossible then.

> The only reasonable option for the security conscious (IMHO), is to
> avoid applications with *any* reported security issues until one has
> read and understood that issue.  This is pretty close to what Oliver's
> portaudit does (I think).

Right, and I have no problem with that (I _like_ portaudit :-)). However, it 
seems to me that marking ports FORBIDDEN for security reasons is more or less 
obsoleted (and made redundant) by portaudit/VuXML, and committers having to 
hand-scan VuXML for updates and mark ports FORBIDDEN by hand just seems like 
duplicated (and error-prone) work... so maybe it's time to do away with 
marking ports FORBIDDEN for security reasons completely?

Also, what eik says about integrating portaudit into sysinstall (does this 
imply moving portaudit into the base system at some point?) sounds very good 
to me, but I still don't like security-by-default schemes which can't be 
disabled by flipping a switch. FORBIDDEN ports are an example of this: 
forcing users to hand-edit a port Makefile in order to make it buildable 
(especially when the security issue is really minor or I'm not even affected) 
is just a tad too BOFH-ish for my taste.

-- 
    ,_,   | Michael Nottebrock               | lofi at freebsd.org
  (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
    \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org