
Re: Miscellaneous things.

Marc Espie writes:
> On Fri, Sep 24, 1999 at 08:16:34AM -0700, Alex Bochannek wrote:
> > None of these packages came out of /usr/ports.
> Which is just plain WRONG !!!
> Stuff which builds correctly under OpenBSD belongs in port, it's not THAT
> hard to write a Makefile and a packing list, come ON people.

Whoa there!  Before you foam at the mouth :-), better re-read


The security checklist alone (http://www.openbsd.org/porting.html#security)
is 16 individual things to watch for and probably alter in your
candidate port.  E.g.:

  Any software to be installed as a server should be scanned for
  buffer overflows, especially unsafe use of strcat/strcpy/strcmp/sprintf.
  In general, sprintf should be replaced with snprintf.

The Makefile and packing list are a teensy part of this effort.

Don't get me wrong: I'm all for people doing the work required to
produce ports; I *love* watching people work :-)  But make no mistake
that it takes a talented programmer with the requisite knowledge
and respect for the security and quality issues to do a proper job.
Oh, and the time too.

-bmw   | Double helix in the sky tonight
       | Throw out the hardware
       | Let's do it right   -- Steely Dan; Aja
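
The checklist item quoted in the message above, shown as an added example (not part of the original message or of the OpenBSD porting guide): the unbounded sprintf/strcat calls replaced with bounded forms that also reject truncated results. The function names, paths and buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical server helper: writes "<dir>/<name>.log" into out.
 * Returns 0 on success, -1 if the result does not fit or formatting fails. */
int build_log_path(char *out, size_t outlen, const char *dir, const char *name)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    /* Before: sprintf(out, "%s/%s.log", dir, name);
     * which writes past the end of out when dir or name is long. */
    n = snprintf(out, outlen, "%s/%s.log", dir, name);
    /* snprintf returns the length it wanted to write, so n >= outlen
     * means the output was cut short. A cut-short path is a bug, not a result. */
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Bounded replacement for strcat(buf, src): appends only if the whole of
 * src plus the terminator fits, otherwise leaves buf unchanged. */
int append_checked(char *buf, size_t buflen, const char *src)
{
    const char *end = memchr(buf, '\0', buflen);
    size_t used, need = strlen(src);

    if (end == NULL)                 /* buf is not terminated inside buflen */
        return -1;
    used = (size_t)(end - buf);
    if (need >= buflen - used)       /* no room for src and its terminator */
        return -1;
    memcpy(buf + used, src, need + 1);
    return 0;
}

int main(void)
{
    char path[16];                   /* constructed sample: deliberately small */

    if (build_log_path(path, sizeof path, "/var/log", "ftpd") != 0)
        puts("rejected: path would not fit in 16 bytes");
    return 0;
}
```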