Subject: Re: pkg_delete "Executing" output
To: None <>
From: Juan RP <>
List: tech-pkg
Date: 02/10/2005 17:55:28
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

On Thu, 10 Feb 2005 11:45:42 -0500 (EST)
Todd Vierling <> wrote:

> Ah, but these warnings from pkg_* are real operational warnings that could
> have real runtime impact.  I want to see the operational warnings, because
> they really could cause Bad Things to happen on my system, and I don't want
> them obscured by otherwise useless messages scrolling them right off the top
> of the screen in a flood of logs about otherwise "normal" operations.
> It doesn't matter if we deliberately trojan packages right now just to make
> the security point.  Users still won't read the "Executing ..." messages
> about trojan operations; they will just blissfully ignore the messages
> anyway.  After all, they're "normal" package operations, since they appear
> in just about every package, right?
> Security considerations of @[un]exec should be approached by a more
> security-centered approach, such as digital signatures.

I agree with Todd, those messages should be displayed with a verbose flag not
without it and enabled by default.

Content-Type: application/pgp-signature

Version: GnuPG v1.4.0 (NetBSD)