Hi Nikolay, Sebastian, Antoine, [ Cc:ing the secret maintainers ;-]
Nikolay Sturm wrote on Fri, Dec 26, 2008 at 09:37:16AM +0100: > * Ingo Schwarze [2008-12-26]: >> I'm not really sure the patch is correct and doesn't break anything >> else - though i currently don't see why any port build should be >> allowed to bind(2) inet(4) sockets. > We have two ports explicitly allowing binding to 0.0.0.0:0, devel/mico > and x11/gnustep/base. How do these cope with your proposed change? Does > denying bind(2) as suggested and removing their local filter break them? Regarding devel/mico, see my last mail. Regarding x11/gnustep/base, there have been many updates since the systrace.filter was created in the ports tree. I suspect the systrace.filter is no more needed now and can simply be deleted? At least on i386-current, x11/gnustep/base builds, installs and uninstalls cleanly for me, even when i just remove systrace.filter. Should i also try on sparc64? There is no indication in the comment in systrace.filter this has ever been platform dependent. Comparing the buildlogs with and without systrace.filter shows that they are exactly identical, see http://www.studis.de/Software/gnustep-base-1.18.0.log Again, i did not test _running_ the software, no idea what to do with that kind of stuff... :) Yours, Ingo
