cvs commit: src/release Makefile src/release/scripts crypto-install.sh

Kris Kennaway kris at obsecurity.org
Wed Apr 30 13:00:11 PDT 2003


On Wed, Apr 30, 2003 at 08:52:44PM +0100, Mark Murray wrote:
> Kris Kennaway writes:
> > > It will be a box on the side.
> > 
> > I don't understand this sentence.
> 
> Sorry. :-).
> 
> It is just extra commands to type. Nothing invasive.
> 
> > > Simplifies installations, and if folks
> > > don't want to use the applets, they won't have to.
> > 
> > But they are still there, and having a bunch of kerberos stuff
> > installed by default (as crypto is) is an additional security hazard
> > to the system.
> 
> How is having the kerberos tools hazardous?

For example, there's been at least one security vulnerability in k5su
over the past year (two if you count the different security policy
behaviour).

The bottom line here is that most people will never use kerberos, so
installing it by default is an unnecessary security risk, and
contributes to bloat.  I don't understand why this change needed to be
made; everything seemed to work fine having k5 in a separate
distribution (the makefile logic was all correct, etc).

Kris