pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

Baptiste Daroussin bapt at FreeBSD.org
Sun Aug 26 18:58:15 UTC 2012


On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote:
> On 08/26/2012 05:58, Baptiste Daroussin wrote:
> 
> > This is the longer plan, but this is also true with pkg_add -r, and the pkg
> > bootstrap, be it pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
> > Security officers and we are waiting for the plan to be written and set up by
> > them, so we can improve security in both pkgng and the bootstrap. This should
> > have happened at BSDCan, but lack of time from everyone didn't make it happen;
> > we are now aiming at Cambridge DevSummit for that.
> 
> It would be nice if this were in place before 10-current shifted to pkg
> by default in order to limit the number of times that we have to start
> testing over from scratch.
> 
> > Given that such a security issue is already in with the current pkg_* tools, it
> > was accepted that we can still go that way until the policy is written, given
> > that the final goal is to have the pkgng package checked against a signature.
> 
> This isn't the security issue I was talking about by having sbin/pkg
> pass every command line to local/sbin/pkg.
> 
> You keep saying that you have no objections to changing the name. I am
> asking you to do that. I don't care if it is pkg-bootstrap or something
> else you like better. But please change the name to not be pkg, and
> limit the functionality of the tool to bootstrapping the pkg package.
> 

I received more feedback about keeping pkg and changing it to
pkg-bootstrap, so what should I do, change it because you are asking for it?

regards,
Bapt