Subject: Re: pkg_delete "Executing" output
To: None <tech-pkg@NetBSD.org>
From: Juan RP <firstname.lastname@example.org>
Date: 02/10/2005 17:55:28
Content-Type: text/plain; charset=US-ASCII
On Thu, 10 Feb 2005 11:45:42 -0500 (EST)
Todd Vierling <email@example.com> wrote:
> Ah, but these warnings from pkg_* are real operational warnings that could
> have real runtime impact. I want to see the operational warnings, because
> they really could cause Bad Things to happen on my system, and I don't want
> them obscured by otherwise useless messages scrolling them right off the top
> of the screen in a flood of logs about otherwise "normal" operations.
> It doesn't matter if we deliberately trojan packages right now just to make
> the security point. Users still won't read the "Executing ..." messages
> about trojan operations; they will just blissfully ignore the messages
> anyway. After all, they're "normal" package operations, since they appear
> in just about every package, right?
> Security considerations of @[un]exec should be approached by a more
> security-centered approach, such as digital signatures.
I agree with Todd, those messages should be displayed with a verbose flag not
without it and enabled by default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (NetBSD)
-----END PGP SIGNATURE-----