Re: svn commit: r239568 - head/etc/rc.d
On 8/22/2012 3:25 PM, David O'Brien wrote: On Wed, Aug 22, 2012 at 02:37:37PM -0700, Doug Barton wrote: Were these changes discussed somewhere and I missed it? They were not discussed. I did not see the need. This is simple functionality. If securelevel is raised 0, one cannot start up a firewall nor make major changes to time. Thus these components are required to be done before raising securelevel. I'm not opposed per se, but the security aspects should be discussed on freebsd-security@, I'm sorry, I didn't feel that ensuring the software follows the published specification of its functionality to have such a security aspect. and it's preferable that significant changes to rcorder be looked at on freebsd-rc@ as well. I don't consider this to be a significant change. I do have some significant changes that I do want freebsd-rc@ to review I will be sending soon. Can you hold off on MFC'ing any of this until it's been reviewed more thoroughly? Yes. Thanks. Just to reiterate, I'm not saying that either your changes or your methodology were wrong ... I personally would just like a little time to review them before we move forward. Doug -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909) ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r239568 - head/etc/rc.d
Were these changes discussed somewhere and I missed it? I'm not opposed per se, but the security aspects should be discussed on freebsd-security@, and it's preferable that significant changes to rcorder be looked at on freebsd-rc@ as well. Can you hold off on MFC'ing any of this until it's been reviewed more thoroughly? Doug On 08/22/2012 11:35, David E. O'Brien wrote: Author: obrien Date: Wed Aug 22 18:35:17 2012 New Revision: 239568 URL: http://svn.freebsd.org/changeset/base/239568 Log: Add dependencies based on security(7). Modified: head/etc/rc.d/securelevel Modified: head/etc/rc.d/securelevel == --- head/etc/rc.d/securelevel Wed Aug 22 18:30:13 2012(r239567) +++ head/etc/rc.d/securelevel Wed Aug 22 18:35:17 2012(r239568) @@ -4,6 +4,7 @@ # # PROVIDE: securelevel +# REQUIRE: adjkerntz ipfw ipfilter pf . /etc/rc.subr -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909) ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r239568 - head/etc/rc.d
On Wed, Aug 22, 2012 at 02:37:37PM -0700, Doug Barton wrote: Were these changes discussed somewhere and I missed it? They were not discussed. I did not see the need. This is simple functionality. If securelevel is raised 0, one cannot start up a firewall nor make major changes to time. Thus these components are required to be done before raising securelevel. I'm not opposed per se, but the security aspects should be discussed on freebsd-security@, I'm sorry, I didn't feel that ensuring the software follows the published specification of its functionality to have such a security aspect. and it's preferable that significant changes to rcorder be looked at on freebsd-rc@ as well. I don't consider this to be a significant change. I do have some significant changes that I do want freebsd-rc@ to review I will be sending soon. Can you hold off on MFC'ing any of this until it's been reviewed more thoroughly? Yes. -- -- David (obr...@freebsd.org) ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org