Subject: Re: binary packages with vulnerabilities removed from ftp - a bad idea?
To: Matthias Buelow <mkb@incubus.de>
From: Geert Hendrickx <geert.hendrickx@ua.ac.be>
List: tech-pkg
Date: 01/31/2005 11:23:06
On Sun, Jan 30, 2005 at 05:11:36AM +0100, Matthias Buelow wrote:
> Geert Hendrickx wrote:
> 
> >Of course I don't want to encourage the use of vulnerable, outdated
> >packages, but I think that, when NetBSD and pkgsrc offer a (great!)
> >framework for source and binary packages, it should *work*.  New users
> >should then only be taught to invoke audit-packages after a pkg_add, or
> >even better: pkg_add should invoke audit-packages automatically.  
> 
> maybe move the problematic package files into a seperate, distinctive 
> directory reserved for packages with security bugs, and have the pkg_add 
> mechanism issue a comprehensible warning about that, including that they 
> have been relocated, and why that has been done so (a standard message 
> would probably suffice here).  then the user can manually add these 
> problematic packages from that directory, if he wants to.

Hm, I would prefer that pkg_add Just Does The Job, and doesn't stop at
each and every package with a known vuln.  If the user types "pkg_add
kde", he wants kde to be installed, at once, and not have to enter "yes"
ten times for that (which is what he would do anyway).  pkg_add should
just invoke audit-packages when it's done, so the user gets warned that
the current version has a known vulnerability (fixed or not).  

This way also requires the least manual intervention of the ftp
maintainers.  Just upload a new package when a fix is in pkgsrc.  

GH

-- 
:wq