Re: that webmin port

[Dave Watson <dave@elephantride.org>]

--Ben Goren <ben@trumpetpower.com> [020504 16:17]:
> On Sat, May 04, 2002 at 05:12:46PM +0200, Marc Espie wrote:
> 
> > Being  curious,  I  looked  at  this  last  port  that  is  left
> > interactive in our tree.
> >
> > I'd like some other security conscious people to look at this.
> >
> > From  what  I've  seen  on   the  webmin  homepage,  I'm  highly
> > pessimistic.   It  looks  like  the guys  who  wrote  this  have
> > absolutely no clue about security.
> >
> > e.g.,  this seems  to  me  to be  worse  than  proftpd. and  not
> > belonging in our ports tree at all.
> 
> These people  might not  do things  the right  way, but  I'd still
> rather  have them  use OpenBSD  in a  less-than-secure manner  and
> benefit  from its  stability,  performance,  and (compromised  but
> still  above-average) security  than  see them  go with  something
> that's inferior in almost all other ways (including security, even
> with the potential problems Webmin creates).

Less-than-secure is insecure.

I think it should be removed.  If someone wants a less-than-secure
machine they should probably use something other than OpenBSD, or
download and install webmin themselves.  I have doubts that anyone will
decide to use OpenBSD simply because webmin is in the ports tree.

-- 
Dave Watson