Re: math/sage security risk
On 28 May 2012 10:14, Stephen Montgomery-Smith step...@missouri.edu wrote: After my recent conversations about creating a print/texlive-install port, I realize that my math/sage port might have a security risk. This only happens if the user selects additional optional packages. But the optional packages are downloaded post-fetch. I'll make some immediate band-aid changes to the port to switch this off, but I'll think through the issue in the days to come. adding ports-security to cc so we could track the issue -- Eitan Adler ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org
Re: math/sage security risk
On 05/28/2012 01:38 PM, Eitan Adler wrote: On 28 May 2012 10:14, Stephen Montgomery-Smithstep...@missouri.edu wrote: After my recent conversations about creating a print/texlive-install port, I realize that my math/sage port might have a security risk. This only happens if the user selects additional optional packages. But the optional packages are downloaded post-fetch. I'll make some immediate band-aid changes to the port to switch this off, but I'll think through the issue in the days to come. adding ports-security to cc so we could track the issue I just committed instructions to the port math/sage telling users how to add the optional packages manually, and explaining the security risk. Please contact me if this is still a problem. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org
Re: math/sage security risk
On 28 May 2012 13:14, Stephen Montgomery-Smith step...@missouri.edu wrote: I just committed instructions to the port math/sage telling users how to add the optional packages manually, and explaining the security risk. We have a more general problem here of ports fetching post-fetch. I know others have brought this up already but count me in as someone who would like to see a fix already :) Please contact me if this is still a problem. This seems adequate for now -- Eitan Adler ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org