Re: Adding functionality to a port

From: Gregory Byshenk <>
Date: Tue, 16 Nov 2021 15:54:10 UTC
On Tue, Nov 16, 2021 at 11:34:45AM +0100, Rob LA LAU wrote:
> Yes, I am worried. Of course I am.
> When I first asked my question the day before yesterday, the first 
> responses were in the line of "port maintainers can do whatever they 
> want", accompanied by emoticons with sunglasses.
> So that kind of makes me wonder how seriously FreeBSD takes itself, as 
> an OS.

I am just a user, but my understanding is that FreeBSD developers
take the OS very seriously, but do not take themselves too seriously.

> And yes, I am sure that Tor runs as advertised, because I verified that 
> (as far as I could). But what if the port maintainer of some obscure 
> library, that is installed through some bizarre chain of dependencies, 
> managed to sneak in a backdoor that gives them root access to my server? 
> Then the security of my Tor installation is no longer relevant, because 
> an attacker can just gain root and compromise that installation.

The question you need to answer is "what RULE would prevent this
from happening?" My proposed answer is "none can". The only thing
that can prevent malicious code injection is actual review of the
code, to ensure that it does what it says on the label. This is
(as I understand it) part of the job of reviewers and committers.

> I really understand that not everything can be cast in stone. And I 
> understand that there must be some freedom for port maintainers. And I 
> don't want to be a Karen about it either. I am even rather pro-anarchy. 
> But not on the servers that keep my data and that of others secure. I'm 
> just looking for some guarantees for me and my users. I understand that 
> 100% guarantee is hard, if not impossible, but I would like it to be a 
> bit more than "You just shouldn't do bad things.".

There are no guarantees in this world, especially when it comes to
sofware. You may have noticed that even commrecial software usually
includes explicit rejection of any 'guarantee'. More importantly, no 
"rule" can provide such a thing.

> But I understand that I'm alone in this: only 3 or 4 people have 
> responded, and they all seemed to be very much against any rules for 
> port maintainers. So I won't insist any more.

I think the majority of developers and users feel that the porting
guidelines are reasonable as they currently exist, when combined
with the judgment of commiters and portmgr. Trying to make things
more explicit just makes the process more complicated, and - as I
note above - doesn't actually solve any problem.

gregory byshenk  -  -  Leiden, NL