cvs commit: ports/multimedia/xine Makefile
Oliver Eikemeier
eikemeier at fillmore-labs.com
Tue Mar 30 01:13:19 PST 2004
Michael Nottebrock wrote:
> [...]
> However, it seems to me that marking ports FORBIDDEN for security
> reasons is more or less obsoleted (and made redundant) by
> portaudit/VuXML and committers having to hand-scan VuXML for updates and
> mark ports FORBIDDEN by hand just seems like duplicated (and
> error-prone) work... so maybe it's time to to away with marking ports
> FORBIDDEN for security reasons completely?
I think portmgr@ is the authority here. CC'ed.
> Also, what eik says about integrating portaudit into sysinstall (does
> this imply moving portaudit into the base-system at some point?) sounds
> very good to me, but I still don't like security-by-default schemes
> which can't be disabled by flipping a switch. FORBIDDEN ports are an
> example for this, forcing users to hand-edit a port Makefile in order to
> make it buildable (especially when the security issue is really minor or
> I'm not even affected) is just a tad too BOFH-ish for my taste.
Just build the port with NO_IGNORE=yes. To disable portaudit use
DISABLE_VULNERABILITIES=yes. A common namespace would be a good thing here,
I guess. There is currently no way to turn of warnings selectively (like
`read and understood'), I don't know if this would be useful.
More information about the freebsd-security
mailing list