Re: Miscellaneous things.
Marc Espie writes:
> On Fri, Sep 24, 1999 at 08:16:34AM -0700, Alex Bochannek wrote:
> > None of these packages came out of /usr/ports.
> Which is just plain WRONG !!!
> Stuff which builds correctly under OpenBSD belongs in port, it's not THAT
> hard to write a Makefile and a packing list, come ON people.
Whoa there! Before you foam at the mouth :-), better re-read
The security checklist alone (http://www.openbsd.org/porting.html#security)
is 16 individual things to watch for and probably alter in your
candidate port. Eg:
Any software to be installed as a server should be scanned for
buffer overflows, especially unsafe use of strcat/strcpy/strcmp/sprintf.
In general, sprintf should be replaced with snprintf.
The Makefile and packing list is a teensy part of this effort.
Don't get me wrong: I'm all for people doing the work required to
produce ports; I *love* watching people work :-) But make no mistake
that it takes a talented programmer with the requisite knowledge
and respect for the security and quality issues to do a proper job.
Oh, and the time too.
-bmw | Double helix in the sky tonight
| Throw out the hardware
| Let's do it right -- Steely Dan; Aja
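
Added example, not part of the original message or of the OpenBSD porting checklist: the sprintf-to-snprintf replacement that the quoted checklist item asks for, in C, together with the truncation check that has to accompany it. The function names build_path_unsafe and build_path and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe form the checklist warns about: sprintf has no idea how big dst is,
 * so it writes past the end as soon as dir + "/" + name exceed the buffer.
 * Kept here only for comparison; it is never called. */
int build_path_unsafe(char *dst, const char *dir, const char *name)
{
    return sprintf(dst, "%s/%s", dir, name);
}

/* Bounded form. Returns 0 on success, -1 if the result did not fit or
 * snprintf reported an error. snprintf NUL-terminates whenever dstsize > 0
 * and returns the length it *would* have written, so the caller has to
 * compare that against dstsize: a silently truncated path is its own bug. */
int build_path(char *dst, size_t dstsize, const char *dir, const char *name)
{
    int n;

    if (dst == NULL || dstsize == 0)
        return -1;
    n = snprintf(dst, dstsize, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';          /* do not leave a truncated path behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[16];
    /* constructed sample inputs */
    const char *fits = "motd";
    const char *too_long = "a-very-long-file-name.conf";

    printf("%d [%s]\n", build_path(buf, sizeof buf, "/etc", fits), buf);
    printf("%d [%s]\n", build_path(buf, sizeof buf, "/etc", too_long), buf);
    return 0;
}
```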