cvs commit: ports/multimedia/xine Makefile
Jacques A. Vidrine
nectar at FreeBSD.org
Wed Mar 31 08:53:02 PST 2004
On Tue, Mar 30, 2004 at 06:06:33PM +0200, Oliver Eikemeier wrote:
> Jacques A. Vidrine wrote:
>
> >[...]
> >In that fashion, users have a choice of security policy.
>
> Could you elaborate a bit what you mean with `choice of
> security policy'? Which different security policies are
> there to choose from?

Sure.  Here are several invented security policies:

(a) Do not install ports that have been marked FORBIDDEN.
    (This is the current de facto security policy.)

(b) Do not install ports that have been entered into the VuXML
    document, and warn me of any of those that are already
    installed.
    (portaudit implements this policy)

(c) Except for issues that I've marked ignore, do not install/warn me
    about ports that have been entered into the VuXML document.
    (My favorite policy.)

(d) Shut down if any ports are installed that are listed in the
    VuXML document.
    (I'm just being silly.)

(e) Do not install ports with MAINTAINER=idiot at FreeBSD.org, and warn
    me of any of those that are already installed.
    (I'm just being silly.)

(f) Someone could potentially maintain an adjunct database that lists
    just ``serious'' (by that person's definition of ``serious'')
    issues by VuXML ID.  Do not install ports in that adjunct database.

Hmm.  Scenario (f) is essentially what you get when one adds

    FORBIDDEN= http://vuxml.freebsd.org/...vid...html

to a port Makefile.  As we've agreed before, ``FORBIDDEN'' is an
explicit severity indicator.

Other than selecting a default policy, we don't have to choose only
a single one of these, but only provide tools for implementing such
policies.
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
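
Added example, not part of the original message and not portaudit or ports-tree code: policies (a), (b), (c) and (f) from the list above written as interchangeable checks over one vulnerability list, showing how the same data yields different refusals. The record layout, port names and VIDs are constructed stand-ins, not real VuXML entries.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    forbidden: bool = False  # stands in for FORBIDDEN= in the port Makefile

# Constructed stand-in for the VuXML document: VID -> affected port names.
VUXML = {"vid-0001": {"exampleplayer"}, "vid-0002": {"examplelib"}}

# Constructed ports: one listed but not FORBIDDEN, one both, one clean.
PLAYER = Port("exampleplayer")
LIB = Port("examplelib", forbidden=True)
CLEAN = Port("cleanport")

def vids_for(port, vuxml):
    """VIDs of every entry that names this port."""
    return sorted(vid for vid, names in vuxml.items() if port.name in names)

def policy_a(port, vuxml):
    """(a) Refuse only ports marked FORBIDDEN."""
    return not port.forbidden

def policy_b(port, vuxml):
    """(b) Refuse any port that has an entry in the document."""
    return not vids_for(port, vuxml)

def make_policy_c(ignored):
    """(c) Like (b), but entries the admin marked ignore do not count."""
    return lambda port, vuxml: all(v in ignored for v in vids_for(port, vuxml))

def make_policy_f(serious):
    """(f) Refuse only ports hit by a VID in the adjunct 'serious' list."""
    return lambda port, vuxml: not any(v in serious for v in vids_for(port, vuxml))

def audit(installed, vuxml, policy):
    """The 'warn me' half: installed ports the policy would refuse."""
    return [p.name for p in installed if not policy(p, vuxml)]

if __name__ == "__main__":
    installed = [PLAYER, LIB, CLEAN]
    policies = {"a": policy_a, "b": policy_b,
                "c": make_policy_c({"vid-0001"}),
                "f": make_policy_f({"vid-0002"})}
    for name, policy in policies.items():
        print(name, audit(installed, VUXML, policy))
```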