Re: Improving security for pkgsrc
On 07/28/15 19:40, Greg Troxel wrote:
> Pierre Pronchery <khorben%defora.org@localhost> writes:
>> 1. introducing the feature (disabled by default)
> You've committed this, so this is project.
>> 2a. adventurous people/projects (EdgeBSD...) enable it by default
>> and report/fix failures
> Sure, that's fine, or someone could turn it on individually, or do
> a bulk build with it.
I am currently building some meta-packages, so far so good.
> In your experience so far, do problems show up at build time, or
> do programs just not work, or ?
Some projects might no longer build, but I do not expect much breakage
there: major distributions have been building the same software with
SSP enabled for many years now.
Issues at run-time may occur, but they depend on the code path and
context. Finding run-time issues is a good thing though: it should
indicate a bug in the program. If confirmed so, then the program had
an issue, not the compiler.
>> 2b. support gets added for more platforms
>> 3. enabling by default on NetBSD/gcc (possibly also clang),
>> possibly partially (like for
> To get to this, we probably need a SSP_SAFE=no define for
> individual packages. And confidence that we aren't causing
> undetected/unknown breakage.
But then if it does break, and a bug is confirmed, is it not better to
break rather than expose a weird machine to potential attackers?
>> 4. fail if enabled but not supported for the current platform
> That really doesn't seem useful. Let's defer this until after it's
> the default for NetBSD/gcc.
To me it is the complete opposite. A user should not be let into a
dangerous direction without a big, fat warning and a barrier to jump
before falling off the bridge. We are operating a bridge here.
I know that most users just ignore any warning, just as they click
away those SSL validation failures. But some will care, and then among
those someone will actually step out and implement the missing bits.
This is what we should be aiming for.