yay/nay?
Index: faq15.html
===================================================================
RCS file: /cvs/www/faq/faq15.html,v
retrieving revision 1.114
diff -u -p -r1.114 faq15.html
--- faq15.html 2 Nov 2015 03:35:44 -0000 1.114
+++ faq15.html 5 Nov 2015 14:26:10 -0000
@@ -849,8 +849,8 @@ Because the OpenBSD project does not hav
the source code of all software in the ports tree, you can configure the
ports system to take a few safety precautions.
The ports infrastructure is able to perform all building as a regular user,
-and perform only those steps that require superuser privileges as root.
-Examples are the <tt>fake</tt> and <tt>install</tt> make targets.
+and perform only those steps that require superuser privileges as root, for
+example the <tt>install</tt> make target.
However, because root privileges are always required at some point,
the ports system will not save you when you decide to build a malicious
application.
@@ -879,9 +879,8 @@ This requires granting three permissions
by adding the following line to to
<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=mk.conf&sektion=5";>mk.conf(5)</a>:
<blockquote><pre>
- SUDO=/usr/bin/doas
- </pre></blockquote>
- </ul>
+ SUDO=/usr/bin/doas</pre>
+ </blockquote></ul>
<li>You can modify the ownerships of the ports tree so that you can write
there as a regular user.
@@ -892,20 +891,6 @@ underlying directories are made group wr
# <b>chgrp -R wsrc /usr/ports</b>
# <b>find /usr/ports -type d -exec chmod g+w {} \;</b>
</pre></blockquote>
-
-<li>You can have the ports system use
-<a
href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1";>systrace(1)</a>
-by adding the following to <tt>/etc/mk.conf</tt>
-
-<blockquote><pre>
-USE_SYSTRACE=Yes
-</pre></blockquote>
-
-This enforces the build procedure to stay inside allowed directories, and
-prohibits writing in illegal places, thereby considerably reducing the risk
-of a damaged system.
-Note that the use of systrace(1) adds about 20% overhead in build time.
-
</ul>
<p>
