Re: Adding functionality to a port

From: Guido Falsi <>
Date: Tue, 16 Nov 2021 13:23:49 UTC
On 16/11/21 11:56, Kurt Jaeger wrote:
> Hi!
>> On 15/11/2021 10:21, Guido Falsi wrote:
>>> You look too worried by the "functionality added" part.
>> Yes, I am worried. Of course I am.
>> When I first asked my question the day before yesterday, the first
>> responses were in the line of "port maintainers can do whatever they
>> want", accompanied by emoticons with sunglasses.
> At least I did not understand your question as a topic on security,
> but rather on: What are the rules for a port...

Security is important, but if security is at stake we need more detailed 
info, we need "actionable" information.

As I said startup and periodic scripts are and should be installed 
disabled, if he found a port/package installing a startup 
script/periodic script auto enabling itself, he should report that and 
it should be fixed.

If there is a broken script it should be fixed.

If there is some malicious script that should not happen, committers 
should and do review submissions to avoid such things. Mistakes can 
happen, please report and make it noticed and it will be discussed/fixed.

If there is some more obscure patch to some source code causing 
significant behaviour changes in some package, please report it, as 
usual make you noticed and it will be at least discussed, if it has 
security implications I'm sure also acted upon effectively. If no 
security implication is involved there is also less urgency.

If we're talking security there is no grey area, the concept is clearly 
defined and things will be acted upon, there is no need for new rules or 

Guido Falsi <>