Michael Nottebrock wrote: > [...] > However, it seems to me that marking ports FORBIDDEN for security > reasons is more or less obsoleted (and made redundant) by > portaudit/VuXML and committers having to hand-scan VuXML for updates and > mark ports FORBIDDEN by hand just seems like duplicated (and > error-prone) work... so maybe it's time to to away with marking ports > FORBIDDEN for security reasons completely? I think portmgr@ is the authority here. CC'ed. > Also, what eik says about integrating portaudit into sysinstall (does > this imply moving portaudit into the base-system at some point?) sounds > very good to me, but I still don't like security-by-default schemes > which can't be disabled by flipping a switch. FORBIDDEN ports are an > example for this, forcing users to hand-edit a port Makefile in order to > make it buildable (especially when the security issue is really minor or > I'm not even affected) is just a tad too BOFH-ish for my taste. Just build the port with NO_IGNORE=yes. To disable portaudit use DISABLE_VULNERABILITIES=yes. A common namespace would be a good thing here, I guess. There is currently no way to turn of warnings selectively (like `read and understood'), I don't know if this would be useful. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"