math/sage security risk
Stephen Montgomery-Smith
stephen at missouri.edu
Mon May 28 20:14:23 UTC 2012
On 05/28/2012 01:38 PM, Eitan Adler wrote:
> On 28 May 2012 10:14, Stephen Montgomery-Smith<stephen at missouri.edu> wrote:
>> After my recent conversations about creating a print/texlive-install port, I
>> realize that my math/sage port might have a security risk. This only
>> happens if the user selects additional optional packages. But the optional
>> packages are downloaded post-fetch.
>>
>> I'll make some immediate band-aid changes to the port to switch this off,
>> but I'll think through the issue in the days to come.
>
> adding ports-security to cc so we could track the issue
>
I just committed instructions to the port math/sage telling users how to
add the optional packages manually, and explaining the security risk.
Please contact me if this is still a problem.
More information about the freebsd-ports
mailing list