Proposal
Jeff Aitken
jaitken at aitken.com
Thu Apr 10 15:29:44 UTC 2014
On Thu, Apr 10, 2014 at 01:20:08PM +0200, Dag-Erling Sm??rgrav wrote:
> Throwing more manpower at the job won't make a difference; in fact, it
> might slow things down due to the need to communicate and coordinate.
You mean 9 women can't make a baby in 1 month?!!
On Wed, Apr 09, 2014 at 03:44:53PM -0400, Nathan Dorfman wrote:
> While I'm out here drawing fire, I might as well also ask if I'm crazy
> to think that it might be a good idea for the base system OpenSSL (and
> other third party imports) to just disable any and all non-essential
> functionality that can be disabled at compile time? Non-essential
> meaning everything not required for the base system to function --
> there's always the ports version if anyone needs more.
I see the potential benefit but I think I'm opposed to this idea in
general. I don't like having partially-crippled software packages in the
base system because it ends up being a lot of work to deal with them.
Whether you choose to install port/package over top of the base system
version or put it in /usr/local you end up with a number of potential
issues. I base this on negative experiences that I've had with sendmail,
DNS, and kerberos in the past, to name a few.
Just my opinion, YMMV obviously.
--Jeff
More information about the freebsd-security
mailing list