On 2011-12-11, John Tate <[email protected]> wrote:
> On Mon, Dec 12, 2011 at 5:55 AM, James Shupe <[email protected]> wrote:
>
>> No. Modifying a general purpose tool for a specific (albeit common) use
>> case is stupid. Any properly implemented warning would cause pfctl to
>> exit non-zero, which would break automated scripts that check the exit
>> code of pfctl. You would have to add a whole new option to ignore your
>> specific use case, and even that would require modifying existing
>> scripts.
>>
>> I wish they would ban you from this list already. I'm sick of seeing
>> your reply to every thread when you never have anything constructive to
>> say.
>>
>
> I am not replying to every thread on the list. You either have me confused
> with someone else or there is some kind of imposter or person with a
> similar name. I'm confused I should say. This was something constructive to
> say regardless, it was an idea. I remember last time I was using OpenBSD (I
> had a hiatus) and mmap changes broke a lot of ports.

mmap-backed malloc? you say this as if it were a bad thing.
The ports were already broken, this just made it obvious
(and a lot easier to debug) rather than having random failures.

> There is supposed to
> be an emphasis on security, not your scripts. OpenBSD warns about mistakes,
> it emails you about your mistakes, and it could point out this mistake as
> well.

kill 1

oh wait, that didn't warn me.

there is a bit of an emphasis on the OS not getting in the way
of what you tell it to do. this is a two-way contract though, it
involves a bit more thought in what you tell the OS to do.

> Perhaps it could be for security(8) to do instead actually. I don't know, I
> didn't design the fucking system, it was just a suggestion.

Having security(8) warn about something which is not really a
problem reduces the usefulness of the mails, because people will
tend to ignore them. The goal should be to have *no* security mails
sent out unless there is something that really needs investigating.

>> On Mon, 2011-12-12 at 05:43 +1100, John Tate wrote:
>> > It's just whining! Perhaps it should only do it if it has an Internet IP
>> > address not a LAN or WAN one involved.

the type of magic involved in working out if you have "an internet
IP address" does not belong in either pfctl or in security.

